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A METHOD AND APPARATUS FOR AN IMPROVED SECURITY SYSTEM 
MECHANISM IN A BUSINESS APPLICATIONS MANAGEMENT SYSTEM 

PLATFORM 

5 

RELATED APPLICATIONS 

This application claims the benefit of U.S. Provisional Application No. 
60/176,153 filed January 14, 2000. This application is also related to the 
following utility applications which are filed on the same day as this application: 

10 Serial No. Filed , titled "A method 

apparatus for a business applications management system platform;" 

Serial No. Filed , titled "A method and 

apparatus for a web content platform;" 

Serial No. Filed , titled "Method and 

1 5 apparatus for a Business Server;" 

Serial No. Filed , titled "Method and 

apparatus for an information server;" and 

Serial No. Filed , titled "A method and 

apparatus for Managing Information Exchange Among Systems in a Network. " 

20 

COPYRIGHT NOTICE 
A portion of this patent document contains material which is subject to 
copyright protection. The copyright owner has no objection to the facsimile 
reproduction by anyone of the patent document or the patent disclosure, as it 
25 appears in the Patent and Trademark Office patent file or records, but otherwise 

reserves all copyright rights whatsoever. 

TECHNICAL FIELD 
The present invention relates to the general field of computers, 
30 telecommunications, and computer and Internet related systems. More 
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specifically, the invention relates to a computer security management system for 
managing security on a business application management platform. 

BACKGROUND 

5 Today software system developers are providing more efficient automated 

systems for managing the processing of information from multiple, inter-related 
applications, wherein the applications may be housed on disparate computer 
hardware platforms, in diverse locations, and have multiple domains. One 
concern in processing information from multiple, inter-related applications is 

1 0 security and data integrity. 

Many computer hardware systems, including enhanced security versions 
of UNIX, permit access to files, etc to be controlled by associating with each file a 
list of the users (and/or groups of users) who are allowed to access the file, with 
the types of access permitted to each. This list is an example of a security list. 

1 5 For example, a file might have associated with it a security Hst indicating whether 

a user is permitted to read, write, or execute the file. 

Similarly, computer systems running object-oriented software utilize a 
security list having an access control list that grants one or more privileges to one 
or more users on one or more objects. The security list also has a means for 

20 confirming that the particular active user has access rights to a particular object 

before permitting the user to access the object. However, the privilege granted by 
the security list only pertains to an object located in a particular domain, hi order 
for a user to have the same privilege granted in a different domain, the user must 
be added to the security list within that domain. Thus prior art security systems 

25 require redundant inputs rendering them inefficient and difficult to mange by a 

global administrator. 

Accordingly, there is a need in the art for an improved computer security 
management system for managing the applications housed on disparate hardware 
platforms in diverse locations. More specifically, there is a need for a computer 

30 security management system having a decentralized approach for managing 

security that allows a global administrator to define complex privileges containing 
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a set of (privilege, object) pairs that are domain independent. The current 
invention provides these facihties in various new and novel ways as more fully 
described below. 
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SUMMARY OF THE INVENTION 
The present invention presents an improved method and apparatus for an 
improved security system mechanism in a business applications management 
system platform that defines sets of allowed operations that groups of users can 
5 perform across multiple domains, thus minimizing user input effort. The security 

management system partitions a number of business objects into a number of 
hierarchical domains. A security list is then created and configured to grant a 
member the right to perform a security operation on the business object located 
within the hierarchical domain. The security list is created by adding the security 
10 operation to the security list, applying the security operation to one of the 

multiple domains, and adding members to the security list. 

In one embodiment of the invention, a member is an individual user, 
associated with a generic role, and/or associated with an automated process. 

In another embodiment of the invention, the right to perform said security 
15 operation is shared by more than one member. 

In another embodiment of the invention, the security list is a global 
security list configured to apply across multiple hierarchical domains. 

The present invention presents a computer security management system 
for managing security on a business application management platform. The 
20 security system includes a partitioning mechanism configxired to partition multiple 

business objects into multiple hierarchical domains. The security system also 
includes a security list mechanism configured to create a security list. The 
security list mechanism includes a security operation which applies within a 
hierarchical domain. The security list mechanism also includes a member. The 
25 security list grants the member the right to perform the security operation within a 

hierarchical domain. 

The present invention presents a computer-readable storage medium 
containing computer executable code for implementing a security management 
system for managing security on a business application management platform. 
30 The executable code instructs a computer to partition multiple business objects 

into multiple hierarchical domains. The executable code then instructs the 
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computer to create a security list by adding the security operation to the security 
list, applying the security list to a hierarchical domain, and adding the member to 
the security list. The security list is configured to grant a member the right to 
perform the security operation within a hierarchical domain. 
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DESCRIPTION OF THE DRAWINGS 

The features and advantages of the system and method of the present 
invention will be apparent from the following description in which: 
5 Figure 1 illustrates a typical configuration of Internet connected systems 

representative of the preferred embodiment of the present invention. 

Figure 2 illustrates a typical general purpose computer system of the type 
representative of the preferred embodiment. 

Figure 3 illustrates the general three tier relationship between user, web- 
1 0 servers and their related applications-server, and the database management 

system. 

Figure 4 illustrates a more detailed depiction of the applications-server 
portion of such a system as shown in FIG. 3 illustrating the business applications 
platform system of the present invention. 
1 5 Figure 5 illustrates an alternative configuration of the system which 

contains the invention. 

Figure 6 is an alternative depiction of the platform of the present 
invention. 

Figure 7 illustrates a more detailed configuration of an exemplary 
20 business server portion of the current invention. 

Figure 8A illustrates a more detailed configuration of an exemplary Web 
Content Server portion of the current invention. 

Figure 8B shows a process flow diagram illustrating how to produce 
dynamic web content. 

25 Figure 8C shows a process flow diagram illustrating the page development 

process. 

Figure 9 illustrates a preferred embodiment of the Interconnect 
Backbone. 

Figure 10 shows a process flow diagram illustrating a purchase order 
30 delivered from a Source site to a target system through Interconnect. 
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Figure 1 1 illustrates one embodiment of the structural overview of an 

IDK. 

Figure 12 illustrates one embodiment of a functional overview of an 
Information Distributor. 

Figure 13 illustrates an exemplary view of APIs associated with the 
Information Distributor. 

Figure 14 illustrates an exemplary view of using Information Distributor 
or IDK. 

Figure 15 illustrates an exemplary overview of Query Objects. 

Figure 16 illustrates an exemplary overview of the Implement Custom 
Delivery Service. 

Figure 17 illustrates a preferred embodiment of the Business 
Applications Management System Platform. 
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DETAILED DESCRIPTION 
The present invention provides a solution to the needs described above 
through a system and method for integrating the disparate appHcations, and 
managing the applications processes in a hardware resource and user effort 
efficient manner. The automated system of the present invention uses a business 
systems platform architecture comprised of several imique servers in a base 
platform (the "Platform") to efficiently manage multiple applications which may 
themselves generally be distributed across a network. The platform makes use of 
a collection of Core Services which provide additional security, 
internationalization services, and reporting services which are applicable to all 
applications. The Core Services are made available to a multitude of common 
business objects, which themselves are made available to various applications. 

The present invention is a Business Applications Management System 
Platform Architecture (the "Platform" or alternatively the "SABA architecture") 
which is designed to maintain and use a set of unique servers and common objects 
to generate the set of tasks required to be performed to complete a designated 
business transaction in a concrete, and useful way. In the preferred embodiment, 
the platform permits apphcation developers to work on the business aspects of the 
application without having to focus on transaction management, security, 
persistence of data or life cycle management of the object itself. The servers and 
other aspects ofthe Platform are described in more detail below. However, a 
general overview of a preferred embodiment of the invention is first described. 
(1) General Overview 

The technology used as part of the system currently is, and will be, able 
to interface with many other industry standard software programs to make the 
exchange and flow of data easy and accurate. 

The system is predominantly web-enabled, which extends its use to all 
industry professionals connected to the Internet. The Platform provides a imified 
set of interfaces, an application Framework, that encompass Business Object 
development. Web-application development, external connectivity development, 
and information distribution development. 
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The system is predominantly based on object-oriented programming 
principles as described in "Object-Oriented Software Construction" by Bertrand 
Meyer, Prentiss-Hall, 1988, ISBN 0-13-629049-3 and the Sun Microsystems™ 
developed JAVA^^** systems described in the following publications: 

• Enterprise JavaBeans Specification, vl . 1 (can be found at 
//j ava.sun.com/products/ejb/ docs.html) 

• Enterprise JavaBeans, Richard Monson-Haefel, O'Reilly. 

• Enterprise JavaBeans: Developing Component-Based Distributed 
Applications, Tom Valesky, Addison- Wesley. 

• Enterprise JavaBeans Developer 's Guide (Beta Version) at 

• //developer .java.sim.com/ developer/earlyAccess/j2sdkee/doc- 
beta/guides/ejb/html/TOC .html 

• J2EE Application Programming Model (Beta Release), at 

//developer.j ava.sun.com/ developer/earlyAccess/j2sdkee/download-docs.html 
all of which are incorporated fully herein by reference. The system makes 
use of some third party modules which are described in more detail below also. 
The terminology as used and described in these references for object, class, 
inheritance, component, container, bean, JavaBean, EJB, etc., are well known in 
these arts and are used herein generally without definition except where a specific 
meaning is assigned to a term herein. 

Overview of the Platform Architecture 

The following describes an overview of the preferred embodiment of the 
SABA architecture, and includes: 

• A discussion of the system-level architecture and the modules that 
comprise the SABA system. This includes a high-level overview of 
each module, and lists the principle interfaces and functionality 
defined by each module. 
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• A discussion of the application-level architecture, covering both the 
application-level architecture as exposed to different categories of 
users and some of the core business objects and their relationships. 

5 Referring now to Figure 5, in the preferred embodiment, Saba's 

architecture consists of four layers of APIs: 

1 . The Platform layer 501 provides underlying infrastructure for 
enterprise applications, including standards-based functionality for 

10 persistence and distributed logic, application integration, content 

generation, and metadata queries. 

2. The Core Services layer 503 is a module that provides a set of 
common functionality for enterprise application. It includes services 
such as security, internationalization, and reporting. 

15 3. The Common Business Objects layer 505 is a module that defines a 

set of business objects shared across all SABA applications. It 
includes objects such as Party and Plan. Vertical applications may each 
also contribute a set of common business objects. 
4. The Applications layer 507 provides objects and services particular to 

20 a given application. There are multiple modules contained within the 

Applications layer, including modules for Learning 525, Content 527, 
Performance 529, and Sales & Marketing 531. The specific 
applications modules indicated are shown by way of example. 

25 In the preferred embodiment, applicants have standardized their APIs 

around Session Bean Managers, interfaces that expose a common set of 
functionality. Each module therefore consists of several Session Bean interfaces. 
Thus, while SABA implements its managers using Entity Beans corresponding to 
persistent database objects, the interface as exposed to clients is solely that of the 

30 Managers. 
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This architecture also helps avoid circular dependencies by requiring that 
all dependencies be directed downwards. That is, a vertical application 507 may 
have dependencies on one or more sets of common business objects 505, but not 
on other applications. Similarly, common business objects 505 may depend on 
5 core services 503, and on other common business objects 505, but not on 

applications 507. 



Platform 

The Platform model 501 defines applicants' application platform, on top 
of which all additional business logic and functionality are implemented. 
10 Platform 501 provides the full set of standards-based services required for 

building modem enterprise applications. 

Platform 501 consists of the following services: 

• BDK (Business Development Kit) Business applications server 519 is 
Saba's EJB compatibility layer. It extends the standard Java business 

1 5 component model with SABA-specific enhancements, such as improved 

security and caching, as well as providing an abstraction layer to improve 
portability between EJB servers. The BDK 519 defines the following base 
interfaces: 

o ISabaEntityBean - The abstraction of a persistent object 
20 o ISabaSessionBean - The abstraction of a transactional service 

• WDK (Web Development Kit) server 523 is Saba's web content 
generation engine. Using web standards for XML and XSL, it provides a 
customizable framework for decoupling data from presentation, and 
generating web content in a variety of formats, from standard HTML to 

25 WML. The WDK 523 provides the following base interfaces: 

o IWDKObject - An object capable of serializing itself as XML 

• Interconnect is Saba's application integration platform. Using XML and 
open standards for ERP integration, it provides a scalable and reliable 
solution for batch and period import, export, and monitoring. 

30 Interconnect defines the following base interfaces: 
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o lAccessor — Service for exporting objects from SABA 
o Ilmporter — Service for importing objects into SABA 
o IMonitor - Service for monitoring object changes 

• Information Distributor Server 521 is applicants' query and delivery 
mechanism. Based on XML and RDF metadata standards, it defines a 
high-level query language and a set of agents for implementing 
information services, hitercormect provides the following services: 

o MetadataRepository - A datastore for querying metadata 
o ImportAgent - An agent for generating metadata 
o MatchAgent - An agent for locating metadata-based matches 
o Delivery Agent - An agent for delivering match results 

Core Services 503 

The Core Services module 503 provides the common business services 
needed by applicants' system. These services are not specific to any industry, 
such as learning; instead, they provide the support and functionality required by 
applicants to meet generic enterprise requirements. 

Core Services consist of the following Session Managers: 

• AuditManager - Tracks changes to objects in the system. Can return a 
complete history of changes, including date, usemame, and reason. 

• BusinessRuleManager - Manage system business rules, that is, company 
policies defining the system's behavior in given situations. 

• ComponentManager — Manage installed business objects for naming and 
instantiation. 

• CurrencyManager - Manage currencies and exchange rates. 

• DataDictionaryManager — Manage metadata about business objects. This 
metadata is used to generate user interfaces, specify constraints, and define 
object behavior. 

• DomainManager - Manage domains. Domains are hierarchical groupings 
of business objects that can be used for a variety of purposes. 
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• FinderManager - Create and invoke Finders. Finders provide a flexible 
mechanism for defining and executing database queries. 

• HandleManager - Centralize access to managers available to all business 
objects. 

• ilSnManager- Manage internationalization. Track information about 
locales, languages, timezones, and display formats associated with 
business objects. 

• LicenseManager — Manage software licensing. Track installed modules, 
license keys, and version numbers. 

• LOVManager — Define lists of values. 

• NLevelHierarchyManager — Support for nested folders. 

o FolderManager 

o FolderElementManager 

• NoteManager - Define notes (long text attachments). 

• PreferenceManager - Set user preferences. 

• SecurityManager - Manage user privileges. Assign permitted operations 
on objects to users and groups. 

• ServiceHolderManager - Enable and disable common services 
(discussion, chat, etc.) 

• ReportManager - Create and execute reports. Reporting engines currently 
supported include Brio and Crystal Reports 7. 

o LetterManager — Generate form letters. 

• TaxManager - Calculate sales taxes. 

• NotificationManager — Manage notifications. Associate actions, such as 
sending an email or executing a Java method, with predefined system and 
periodic events. 

• ActioiiManager 

o AttachmentManager 
o EventManager 
o ParamManager 
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o RecepientManager 
o TextBlockManager 
• UserManager - Manage user preferences and allow users to switch 
between roles. 

Common Business Objects 

The Common Business Objects module 505 defines the set of business 
abstractions that are shared across more than one vertical application. These 
objects may be either generic business concepts, such as a Party, or shared 
concepts specific to Saba's application domain, such as Calendar. 

Common Business Objects 505 comprise the following Session 
Managers: 

• AccountabilityManager - Used to manage a variety of relationships, 
such as reporting and organization membership, between entities in the 
system 

• CalendarManager - Manage calendars and schedules. 

o CorporateCalendarManager 
o PersonalCalendarManager 
o SfaCalendarManager 
o SfaCalendarOwnerManager 
o CheckListltemManager 

• PartyManager - Manage entities within a business. Includes 
employees, clients, companies, departments, and business imits. 

• LocationManager - Manage locations, including addresses and contact 
information. 

• RoleManager - Manage a function/job type within the value chain. 

• PlanManager - Manage plans, that is, proposed course of actions. 

• ProfileManager — Manage profiles, that is, comprehensive histories, 
goals, and plans for entities within a business. 
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• ValueChainManager - Manage value chain relationships between 
entities in an extended organization. 

Learning 

The exemplary Learning module 525 within the AppUcations layer 507 
defines the services used to build learning management systems. It provides APIs 
for defining learning offerings, which include classes, courses, on-line learning, 
and physical inventory, registering for and consuming learning, and tracking 
transcripts, certifications, and other results of learning. 

The following Learning Session Managers are delivered as part of 
Conmion Business Objects 505: 

• CatalogManager - Browse a learning catalog. 

• OfferingTemplateManager - The core abstraction of a learning 
intervention. 

The following Learning Session Managers are only available with the 
Learning application: 

• CertificationManager - Track certifications. 

o CertificationActionManager 

o CertificationCompetencyManager 

o HeldCertificationManager 

• LeamingManager - Manage learning offerings. Extends the concept of 
offering templates to include managing delivery types and delivery modes, 
offering instances, audience types, and offering modes. 

o AudienceTypeManager 

o DeliveryManager 

o DeliveryModeManager 

o EquivalentManager — Defines equivalent offering templates. 

o OfferingActionManager 

o OfferingManager 

o OfferingPolicyManager 

o OfferingTemplateDeliveryManager 



sf-1028086 



15 



Docket No.3 60322000900 



o ProductGroupManager 

o RosterManager 

o PrerequisiteManager 

• LeamingResourceManager - Manage resources used by classes, such as 
5 classrooms, faculty, and equipment. 

o InventoryManager 

o QualifiedlnstructorManager 

• RegistrarManager - Request and order a learning resource. Includes 
shipping and registration information. 

10 o CourseRequestManager 

o PackageOrderManager 
o PricingManager 

• RegistrationManager - Track completion and grading of learning offerings 

Content 

15 The Content module 527 within the Applications layer 507 defines the 

services used for all forms on on-line learning. It includes creating and launching 
WBT and VOD courseware, virtual classrooms, testing and assessment, 
community services, and analysis and tracking. 

The following Content Session Manager is delivered as part of Common 

20 Business Objects: 

• ContentHolderManager — Allows any business object to be a content 
holder 

• CourseContentManager - Associate content such as attachments and 
exams with learning offerings. 

25 The following Content Session Managers are only available with the 

Content application: 

• ContentManager - Manage learning content. 

o TestManager 

• AnalysisManager — Analyze test results. 
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• CommnnityManager - Create and manage learning communities. 

Performance 

The Performance module 529 within the Applications layer 507 defines 
the services available for managing human performance. It includes 
5 competencies and goals. 

The following Performance Session Managers are dehvered as part of 
Common Business Objects: 

• CompetencyManager - Assign competencies to roles, entities, and 
learning resources. Includes 

10 o CompetencyHolderManager 

o CompetencyProviderManager 

• OfferingCompetencyManager — Associate competencies with offering 
templates and find learning interventions that provide competencies. 
The following Performance Session Managers are only available with the 

15 Performance application: 

• Advanced competency definition, manipulation, and analysis, including: 

o CompetencyAnalysisManager 
o CompetencyGroupManager 
o CompetencyMethodManager 
20 o CompetencyModelManager 

• GoalManager - Manage and track goals. Includes assigning goals and 
observations on goals. 

o GoalLibraryManager 
o GoalObservationManager 
25 o GoalStateManager 

Sales and Marketing 

The Sales and Marketing module 531 within the AppUcations layer 507 
defines the services available for the running the finances and logistics of a 
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learning content provider. It includes the purchase of learning resources and tools 
for managing sales and marketing campaigns. 

The following Sales and Marketing Session Managers are delivered as part 
of Common Business Objects: 
5 • OrderManager - Generate orders. Includes invoicing and shipping 

options. 

• PurchaseManager - Track the pricing of learning resources. Includes 
getting and setting prices and managing price lists. 

The following Sales and Marketing Session Managers are only available 
10 with the Sales and Marketing application: 

• AccountManager — Manage client accounts. 

• Advanced order management, including: 

o TrainingUnitManager 
o PurchaseOrderManager 
15 • MarketingManager - Manage marketing campaigns, 

o RoyaltylnfoManager 
o ShipperManager 

• SalesMktManager — Order a learning resource. Similar functionality to 
RegistrarManager, but designed for use in a call center to fulfill external 

20 orders. 

• TargetMarketManager — Manage target markets and associate them with 
offering templates. 

• Territory Manager - Manage territories. 
Applications Architecture 

25 

An exemplary version of an application architecture which can make use 
of applicants' invention could consist of four distinct applications that interoperate 
to provide a complete Human Capital Development and Management solution. 
Each of these applications is based aromd a core set of metadata; the applicants' 
30 architecture's value lies in the effective management of this metadata. The 

diagram in Figure 6 describes this core metadata and how it is employed by 
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different types of users in this exemplary implementation of this architecture. 
Those skilled in the art will recognize that this architecture can be used with 
various other kinds of applications systems, such as: financial product sales & 
marketing systems; retail store management systems; various kinds of 
maintenance & repair management & dispatch systems; etc. 

Referring now to Figure 6, SABA Learning manages Catalog Metadata 
609 that describes a set of available learning interventions and Profile Metadata 
611 that describes a learner in the system, including learning history and 
enrollments. 

SABA Performance manages Profile Metadata 611 that describes 
individual and group goals, competencies, and development plans. Together, the 
Profile Metadata 611 in Learning 607 and Performance 605 provide a complete 
description of the human capital in an extended organization. 

SABA Information 603 and SABA Content 601 manage metadata about a 
variety of on-line resources. SABA Information 603 uses this metadata to 
construct information services targeted to individual's information needs, whereas 
SABA Content 601 uses this metadata to manage learning content throughout its 
lifecycle and construct intelligent, reusable Learning Objects. 

Users work with this metadata as follows: 

• Individual learners 619 query Learning Metadata (that is, the learning 
catalog) 609 to locate appropriate learning interventions. The system uses 
Learning Object Metadata 613 to deliver and track learning interventions 
and updates the Profile Metadata 611 as appropriate. 

• Team managers 621 work with Profile Metadata 611 to define, update, 
and track progress towards goals. They can analyze the metadata to 
identify problem areas and generate plans for meeting their goals. 

• Learning providers 617 use import and administration tools to create and 
update Catalog 609 and Learning Object Metadata 613. 
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One of the principal tasks users perform in such a system is finding 
performance interventions - resources and services that can be applied to improve 
human capital performance. The diagram in Figure 7 details the business objects 
5 that support this process and their relationships. 

There are multiple, complementary mechanisms for identifying 
interventions. 

Competency gap analysis can be applied to either an individual's goals 

10 713 or roles 715. The analysis compares the required competencies for reaching 

a goal 713 or filling a role 715 (either held or targeted) to actual held 
competencies and generates a competency gap 721. Learning interventions 
(offerings 723) that fill the competency gap 721 are the identified. A variety of 
other intervention types are planned, including information 733 and community 

15 services 735. 

Certification gap 719 analysis compares a role's certification 
requirements associated to the actual learning profile of the individual in the role. 
It then identifies the quickest certification track to completion and recommends 
appropriate learning offerings 723 from the catalog. 

20 Having described an exemplary application we now describe the invention 

in additional context. 

In a preferred embodiment, the Platform can support both Application and 
Business component development, as well as integration with development tools, 
connectivity to external systems (import/export/ exchange), and information 

25 delivery. The architecture of the present invention adopts a three-tier model and 

is shown in the diagram in Fig. 3. In Fig. 3 a tier 1 web user 301 is cormected 
electronically to a tier 2 web server 305 which is cormected to a tier 3 applications 
server 307. Also in Tier 1 a dedicated user 311 may be directly connected to a tier 
3 applications server 307. And the tier 3 applications server 307 may be 

30 cormected to a database management system 309. 
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Referring now to Figure 4, the tier 3 applications server 307 is expanded 
in Fig. 4 to illustrate the Business Applications Platform 415 of the present 
invention. In Fig. 4, the Platform contains an Interface Server 417, an 
Information Server 419, an Interconnect Server 423 and a Business Server 421. 
5 All of these Servers 417, 419, 421 and 423 may physically reside on the same 

hardware platform (such as a UNIX box or a Microsoft™ NT'^^* platform), or each 
server may reside on a separate hardware box, or any combination of servers and 
hardware boxes. Each of the servers may have included a JAVA Virtual 
Machine™ and the related runtime support. The electronic communications 

10 between these servers may use the XML protocol (409, 425, 427) with each server 

having services for translating XML into the particular Applications Programming 
Interface (API) language required by the server and for translating its internal 
language into XML prior to transmission to another server. In a preferred 
embodiment, all of these servers are contained in a single tier 3 platform, and may 

1 5 communicate with each other directly without the necessity of changing the 

interfacing protocol format. The Interface Server 417 (also alternatively 
designated herein as the WDK) , commimicates through a web server 405 via the 
internet 403 to web clients 401 via the HTML protocol. The Interface Server 
417, also may communicate to a directly connected client 407 via other protocols 

20 such as XSL/XSLT etc., and may communicate to Personal Data Assistants 411 

such as cell phones or Palm Pilots™ or other such wireless devices using wireless 
protocols such as WAP/WML, etc. The Interface Server 417, contains 
mechanisms to manipulate various kinds of display style sheets, to generate and 
execute web links, to manage dynamic content generation and dynamic generation 

25 of Javascript, all of which is described in more detail below in the section on the 

Interface ServerAVDK 417. 

These servers and related facilities and others are described in more 
detail below. 

OPERATING ENVIRONMENT 

30 The environment in which the present invention is used encompasses the 

use of general purpose computers as client or input machines for use by business 
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users of various kinds, including clerks, managers, teachers, and/or systems 
administrators. Such client or input machines may be coupled to the Internet 
(sometimes referred to as the "Web") through telecommunications channels 
which may include wireless devices and systems as well. 

Some of the elements of a typical Internet network configuration are 
shown in Figure 1, wherein a number of client machines 105 possibly in a branch 
office of a large enterprise, a manufacturer, a financial enterprise, etc., are shown 
connected to a Gateway/hub/tunnel-server/etc. 106 which is itself connected to the 
internet 107 via some internet service provider (ISP) connection 108. Also shown 
are other possible clients 101, 103 possibly used by other application systems 
users, or interested parties, similarly connected to the internet 107 via an ISP 
connection 104, with these imits commimicating to possibly a home office via an 
ISP connection 109 to a gateway/tunnel-server 110 which is connected 1 11 to 
various enterprise application servers 112, 113, 114 which could be connected 
through another hub/router 115 to various local clients 116, 117, 118. Any of 
these servers 112, 113, 114 could function as a server of the present invention, as 
more fully described below. Any user situated at any of these client machines 
would normally have to be an authorized user of the system as described more 
fully below. 

An embodiment of the Business Applications Platform System of the 
present invention can operate on a general purpose computer unit which 
typically includes generally the elements shown in Figure 2. The general 
purpose system 201 includes a motherboard 203 having thereon an 
input/output ("I/O") section 205, one or more central processing units 
("CPU") 207, and a memory section 209 which may or may not have a flash 
memory card 211 related to it. The I/O section 205 is connected to a keyboard 
226, other similar general purpose computer units 225, 215, a disk storage unit 
223 and a CD-ROM drive unit 217. The CD-ROM drive unit 217 can read a 
CD-ROM medium 219 which typically contains programs 221 and other data. 
Such programmed computers may also be connected electronically to database 
systems such as those available from Oracle'^'^, Sybase™, Informix'^'^ , 
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SQLServer from Microsoft™ and the like. Logic circuits or other components 
of these programmed computers will perform series of specifically identified 
operations dictated by computer programs as described more ftiUy below. 

DETAILED SYSTEM DESCRIPTION 

The Platform system of the present invention is now described in more 
detail. In general a preferred embodiment with a presently known best mode for 
making and using the system is described. Alternative embodiments are similarly 
described for various parts of the Platform system. 

BUSINESS APPLICATIONS SERVER/BDK 

Preferred embodiment 

The following description of the BDK Business application server covers 
the presently preferred embodiment and the presently known best mode for 
making and using it. This section is followed by a fiirther description of an 
alternative embodiment which may include features in addition to or in place of 
those in the preferred embodiment. 

L Overview 

The Business Development Kit applications server (BDK) component of 
the Platform provides a supporting framework for business objects. A business 
object is a Java object with persistent state that represents some entity in a 
business application, such as an employee or company. 

Specifically, the BDK provides a persistence framework for saving and 
restoring object state and a set of core services for performing a variety of useful 
operations on business objects. 

2. Persistence Framework 
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The persistence framework defines a common code path used to create 
new objects, restore and update existing objects, delete objects, and find objects. 
The code path consists of a set of Java code and database stored procedures to 
construct and verify object data and SQL commands to save and restore 
information using a relational database. 

The persistence framework is highly flexible because it is metadata-driven. 
For each class of object, the system provides a set of metadata — data about data — 
that defines the class' properties and behavior. This means that the data used to 
determine the behavior and characteristics of specific classes and instances of 
business objects is stored as distinct, editable information, rather than being hard- 
coded into the logic of the system. The persistence code itself is part of the 
metadata, that is, the SQL commands for save, restore, etc. are stored as metadata, 
not in soiirce code. As an example benefit, it makes applications much easier to 
port between databases because only the metadata for the SQL needs to be 
changed; no source code needs to be changed and recompiled. 

Use of metadata allows the system to be configured and otherwise 
modified by different clients for different deployments, resulting in unique 
runtime behavior of the system. Object properties that can be customized range 
from the labels used to display object information, to the type of data validation 
performed, to the amount of custom information associated with each object. 

A unique feature of the persistence framework is its support for an 
arbitrary amovmt of custom information, stored in what is known as "custom 
fields." Experience has shown that predefined business objects typically do not 
express the full set of data a given customer may wish to track, and that this data 
varies from customer to customer. Custom fields provide a way for different 
customers to uniquely extend the data stored with a class of business objects. In 
the current implementation, customers are provided with a set of five "custom 
fields" that can be searched, and an unlimited number of "extended custom fields" 
that cannot be searched, but provide additional data validation for date and 
numeric values. Again, the code to save and restore custom fields is all driven off 
metadata. 
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As an example of the persistence framework's operation, a user of the 
system may attempt to create a new employee by specifying the employee's first 
and last name, social security number, starting salary, and date of birth. The 
persistence framework performs the following operations to save this data as a 
new "SabaPerson" business object: 

• Uses metadata settings about the "first name", "last name", 
"ssn", and "birth date" properties of a "SabaPerson" to determine the 
data validation to perform. In this case, the metadata settings may 
instruct the framework to verify that values are provided for first name, 
last name, and ssn, that starting salary is greater than a fixed numeric 
minimum wage value, and that birth date is a valid date. 

• Uses metadata to obtain and execute a database stored 
procedure named "tpp__person_ins" that takes values for first name, 
last name, ssn, salary, and birth date as parameters and inserts these 
values into a database table named "tpt_person." 

2a. The Meta-Data Store 

In the preferred embodiment the meta-data store contains the definition of 
each type of object in the system, its attributes, and some basic properties of those 
attributes. Further, for each type of object, it contains a reference to the methods 
to invoke, to insert, update, delete or fetch a given instance of that object firom the 
persistent store. 

The Metadata store consists of the following tables: 

1 . fgt_dd_class 

Every business object in the system is registered in this table. This table 
also describes basic properties of objects. 
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fgt_dd_class has the following columns: 



Column Name 


Type 


Rq? 


Description 


Id 


Char (20) 




The identifier of the object. 


Ui_name 


Varchar2 (255) 




This is the display name of 
the object and generally used 
to paint UI as well. 


Description 


Varchar2 (255) 




Meaningful description of the 
object and its function. 


Enumber 


int 




Unique number for each 
ob j ect . 


Insert_spid 


Int 




Method call for inserting a 
new instance of the object. 
Foreign key to mesg_id column 
of f gt_mesg_table . 


Update_spid 


Int 




Method call for updating an 
existing instance of the 
object. Foreign key to 
mesg id column of 
f gt_mesg_table . 


Delete_spid 


Int 




Method call for deleting an 
instance of the object. 
Foreign key to mesg_id column 
of f gt_mesg_table . 


Sel det spid 


Int 




Method call for retrieving an 
instance of the object based 
on its id. Foreign key to 
mesg_id column of 
f gt mesg table . 


Finder_id 


Int 




Finder Id for invoking a 
default finder associated 
with the obj ect . 


Fixed attr ct 


Int 




Total count of the fixed 
attributes for the object. 


Attr_ct 


Int 




Total count of the attributes 
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for the object. This number 
is sum of all fixed and all 
custom attributes . 


Flags 


Char (10) 




Ten bit string describes the 
behavior of the object. 
1st bit = Object can be 
displayed in the security- 
screen for granting privs . 

2nd bit = This 2bit mask is 
set to see if reports or 
letters or both can be 
attached . 

3'"^ bit = Obsolete. 

4" bit = Obsolete. 

5*"" bit = If the object is 
owned in nature and cannot 
exist without its owner. 

6^^ bit = Obsolete 

7'^^ bit = If object can be 
customized bu end user. 

8'^^ bit = If Object can have 
Extensible attributes of its 
own. 


next at.tr enum 


rnt 




Enumber to use for the next 
custom attribute that will be 
added to the object. The 
install time value for this 
attribute is 10,000. 


Prefix 


char (5) 




This Sletter long string is 
used in generating Ids for 
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the object. This string is 
prepended to the number 
generated by the sequence. 


Table name 


Varchar2 (2 5) 




This is the name where the 
object is stored. The 
sequence, methods are also 
named based on this. 


Domain enum 


Int 




This is denormalized data and 
shows the enumber of the 
Domain attribute. 


Java class nam 
e 


Varchar2 (2 55) 




The java class name of the 
obj ect . 


Hlevel 


Int 




The level of the object in 
the object hierarchy. 


Parent id 


Char (20) 




In case of hierarchical 

object's it stores the parent 
object's id 



As an example, the following are the values for a class of business object 
representing domains: 



id 


ui name 


description 


eniimber 


insert spid 


ddclsOOOOOO 
000001095 


Domain 


Hierarchal 
Domain 


195 


10560 




update_spid 


deletespid 


sel det spid 


finder id 


fixed attr ct 


10562 


10561 


10563 


15710 


14 




attr ct 


flags 


next_a 1 1 renu 
m 


prefix 


tablename 


14 


1100001100 


100000 


domin 


f gt_domain 



domain enum 


java classname 


hlevel 


parent id 




com . saba . busob j . Sa 
baDomain 


1 
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2. fgt_dd_attr 

The attributes of each class of business object is stored in this table. This 
table also describes basic properties of each attribute. 
5 fgt_dd_attr has the following columns: 



Column Name 


Type 


Rq? 


Description 


Id 


Char (20) 


Y 


Unique identifier for an 
attribute . 


Cid 


OBJECTID 


Y 


The object id, this 
attribute belongs to 


Enutnber 


Int 


1 


Required to be unique within 
a class. The code should use 
these numbers to refer to 

the ID. Fixed enumbers are 
assigned in the range 1000- 

are allocated from 10,000 

KjLlWciI.KXo ■ dl^Ui. C.11LIL11 

in the corresponding object 
record stores the next 

^miml^P'T" 3T7"p 1 ~\ sVil "F piT~ "hHi q 

class . 




V SLJ-CllcLJL \ZD 

5) 


Y 


The column name in which the 
value of this attribute is 
stored . 


Ui_name 


Varchar (255) 


Y 


The name of the attribute, 
which is used for painting 
the UI. 


description 


Varchar (2 55) 


N 


Description of the 
attribute . 


Attr_tYpe 


Int 


Y 


The number corresponds to 
the data type of the 
attribute . 


list_of_vals 


OBJECTID 


N 


If the attribute val . is 
selected from a list of 
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values , then the id of the 
list is stored here. 


min val 


Int 


N 


If its a numeric column, 
then the min allowable value 
if any. 


max_val 


Int 


N 


If its a numeric column, 
then the max allowable value 
if any. 


def ault_val 


STR 


N 


Default value to use for the 
attribute when an instance 
of the object is created. 


str 1 


STR 


N 


This generation formula for 
those attributes whose 
values have to be generated 
on the creation of the 
object. The generation is 
driven by the generation bit 
in the flag. 


Flags 


varchar (15) 


Y 


1^*^ bit => The required 
bit. 

2"*^ bit => Reference bit is 
set if attribute points to 
another object. 

3""^ bit => LOV bit is set 
if its values must come from 
fixed list of values. 

4th bit => This two bit 
mask describes the type of 
the attribute. 

5th bit => Id bit is set if 
its an Id column. 

6th bit => Generation bit 



sf-1028086 



30 



Docket No.360322000900 



is set if the value need to 
be generated during the 
creation of an object. 

7th bit => Customization 
bit. This 4bit mask says if 
label, required or 
generation can be customized 
by end user. 

8th bit => Audit bit. 

9th bit => Obsolete 

10th bit => Obsolete 

11"''' bit => This bit 
describes the type of the 
custom attribute. 

12'''' bit => Domain bit is set 
if the attribute is domain 
id. 

13^^ bit => set if Default 
value can be changed by 
user . 

14"*' bit => set if Minimum 
value can be changed by 
user . 

15'^^ bit => set if Maximum 
value can be changed by 
user . 
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As an example, the following are some of the attributes defined for the domain 
business object: 



id 


cid 


enumber 


col_ 
name 


ui_ 
name 


attr_ 
type 


flags 


ddatrOOO 


ddclsO 


1000 


id 


ID 


8 


100011000 


0000000 


00000 










000000 


02991 


00000 
1095 












ddatrOOO 


ddclsO 


1001 


time_ 


Time 


4 


100000000 


0000000 


00000 




stamp 


Stamp 




000000 


02992 


00000 
1095 












ddatrOOO 


ddclsO 


1002 


name 


Domain 


4 


100000100 


0000000 


00000 






Name 




000100 


02993 


00000 
1095 












ddatrOOO 


ddclsO 


1003 


description 


Description 


7 


000000300 


0000000 


00000 










000100 


02994 


00000 
1095 












ddatrOOO 


ddclsO 


1004 


customO 


customO 


7 


000100300 


0000000 


00000 










010100 


02995 


00000 
1095 













5 

3. fgt_mesg_table 

This table stores the actual SQL code used for object persistence. In the case of 
insert, update, and delete methods, typically these are calls to stored procedures 
containing additional business logic in addition to database calls. 
10 Long SQL statements are stored in multiple rows, which are then reconstructed 

on-the-fly by the persistence layer. 



fgt_mesg_table has the following columns: 



Colixmn Name 


Type 


Rq? 


Description 


Mesg id 


Int 


Y 


This is the message id for 
the SQL statement group. 
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Mesg seq 


Int 


Y 


Since the SQL statements can 
be greater than 255 chars 
which is the length of the 
mesg_text columns . This 
column tells the sequence of 
this SQL statement in the 
group . 


Mesg_text 


Varchar (2 55) 


Y 


The text of message. 



As an example, the following are persistence calls for the domain business 
object. Note from the sample data above that 10563 is the code for retrieving an 
object, 10560 for inserting an object, and 10562 for updating an object. 



mesg id 


mesg seq 


mesg_text 


10563 


1 


select d.id id, d.time_stamp ts, d.name 
dname, d. description descr, d.customO cO, 
d.customl cl, d.custom2 c2 , d. customs c3 , 
d.custom4 c4 , d.created_on cron, d.created_by 
crby, d.updated_on upon, d.upd 


10563 


2 


ated_by upby, d.parent_id pid, parent. name 
parent from fgt domain d, fgt_domain parent 
where d.id = ®001 and d.parent_id = 
parent . id (+) " 


10560 


1 


begin fgp domain_ins (@001, @002, @003, @004, 
©005, ®006, ©007, ©008, @009, ©010, ©Oil, 
©012, ©013, ©014, ©015); end; 


10562 


1 


begin f gp_domain_upd (©0 01, ©0 02, ©0 03, ©004, 
©005, ©006, ©007, ©008, ©009, ©010, ©Oil, 
©012, ©013, ©014, ©015); end; 



Notice that the SQL references the actual table used to store domain data, 
fgt_domain (described in detail in the section on security). 

The f gp_domain_ins stored procedure is PL/SQL code defined as: 

create or replace procedure f gp_domain_ins 

( 

xid char, 
xtime_stamp varchar2 , 
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xname 


varclia]r2 , 


xde script ion 


va3rch.ar2 , 


xcustomO 


varcha3r2 , 


xcustoml 


varchair2 , 


xcustom2 


var'clia3r2 , 


xcustotn3 


varchar2 , 


xcustom4 


varchar2 , 


xcreated_on 


date , 


xcreated_by 


varchar2 , 


xup d a t e d_on 


date. 


xupdated_by 


varchar2 , 


xparent_id 


char, 


xnewts 


varch.ar2 



as 

begin 

/* validating that the parent of a node is not 

itself */ 

if (xid = xparent_id) then 

raise_application_error ( -20698 , ' ' ) ; 
return ; 

end i f ; 

/* parent_id cannot be null except for the root */ 
if (xid <> ' dominOOOOOOOOOOOOOOl ' and xparent_id is 

null) then 

raise_application_error { -20599, ' ' ) ; 
return; 

end if; 

insert into fgt_domain ( 

id, time_stamp, name, ci_name, description, 

customO, customl, 

custom2 , customs, custom4, created_on, 
created_by, updated_on, 

updated_by, parent_id) 
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values ( 

xid, xnewts, xname, lower (xname) , 
xdescription, xcustomO, xcustoml, 

xcustom2, xcustom3, xcustom4, sysdate, 

xcreated_by, sysdate, 

xupdated_by, xparent_id) ; 



/* update the denormalized flat tree table */ 
tpp_f lat_tree_relation (195, xid, null, null, 0) ; 



/* inherit a snapshot of the custom fields for all 



objects */ 



insert into f gt_dd_domain_to_attr 

(ID, TIME_STAMP, DOMAIN_ID, ATTR_ID, FLAGS, 
LOCAL_FLAGS, UI_NAME, MIN_VAL, 

MAX_VAL, DEFAULT_VAL, LIST_OF_VALS , 

GEN_MASK) 

select ' ddoat ' j | 
Ipad (ltrim(rtrim(to_char (fgt_dd_doinain_to_attr_seq.nextval) ) ) , 15, 
' 0 • ) , 

xnewts, xid, ATTR_ID, FLAGS, LOCAL_FLAGS , 

UI_NAME, MIN_VAL, 

MAX_VAL, DEFAULT_VAL, LIST_OF_VALS , GEN_MASK 
from f gt_dd_domain_to_attr 
where domain_id = xparent_id; 

end; 
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2b. Persistence Algorithms 

In a preferred embodiment all business objects that Saba's Application 
5 server manipulates are derived from a single base class called SabaObject. The 

SabaObject class provides save, restore, and delete capabilities by implementing 
the persistence layer architecture. All subclasses of SabaObject then inherit this 
behavior and rarely if ever override it. 

• Every SabaObject is expected to know which class it belongs 
1 0 to, and how that class is registered in the meta-data store. Thus each 

subclass of SabaObject stores a class identifier so that it can tell the system 
which entry in the meta-data store it corresponds to. 

• Every SabaObject also stores a state flag that determines 
whether this is a new object, or it is an object that already exists in the data 

1 5 store. This state then determines whether the object invokes an insert 

method or an update method during a save() invocation. 

• Every SabaObject has an unchangeable, unique identifier that 
identifies that particular object in the persistence store. The uniqueness of 
this identifier is guaranteed across the entire persistence store regardless of 

20 the type of object. 

The algorithm for save is then as follows: 

Look up the entry for the class of the object in the meta-data store. 
If the class is not found, raise an error "Unknown Class". 
If (State = new) 

25 M — look up the method to call for inserting the object. 

Else /* State - update */ 

M = look up the method to call for updating the object 
Marshall all the attributes of the SabaObject into the appropriate 
data structure. 

30 Check each of the attributes against the rules set for its nullity, 

constraints. If any of the constraints are violated, throw an error. 
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Lead the default values wherever necessary. 
Invoke M with that data structure. (1) 
For deletion, the basic process is identical, except that the invocation of 
the delete method only requires the unique identifier of the SabaObject to be 
passed in as its only argument. 

For restore, the algorithm is just slightly different and is as follows: 

Look up the entry for the class of the object in the meta-data store. 
If the class is not found, raise an error "Unknown Class". 
M = look up the method to call for fetching the object. 
Invoke M(unique ID of SabaObject) 

Unmarshall all the attributes returned by M. (2) 
In the presently preferred embodiment, the method invocation currently 
only supports invocation of database stored procedures although in alternative 
embodiments this will be extended to other types of persistence mechanisms. 

These stored procedures provide the actual intelligence of taking the 
marshaled arguments that come in, and storing them in specific fields in the 
database, and vice versa. Thus a combination of the meta-data store and the 
stored procedures create an abstraction layer that allows the base SabaObject to 
store all objects through a simple, uniform algorithm. 




The persistence mechanism thus created allows the transfer of various 
kinds of objects to database storage as shown below. 
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Obiect I 



Obiect 1 



Object 2 



Object 1 



Fig 1' Single object to 
a single table 



Fig 2: Two objects to a 
single table 



Fig 3: Single object to 
two tables 



Object 1 






r 









Object 1 






r 






i 



I Fig 4: Object with calculated 
fields that do not physically 
exist in the table 



Fig J: Object does nothave 
denoimalised fields that exist 
in the table 



Individual messages are retrieved using a SQL command of the form: 
select mesg_id, mesg_seq, niesg_text from f gt_mesg_table 

where mesg_id = ? order by mesg_id, mesg_seq 

Query results are transformed into actual SQL code using the following 

method: 

private static String processMessage (ResultSet rSet) 
throws Exception, SabaException 



{ 



StringBuffer buf; 
String str; 

buf = new StringBuf f er (rSet .getString (kMsgTextCol) ) ; 
while (rSet.nextO != false) 

{ 

String temp = rSet . getString (kMsgTextCol ) ; 

buf . append (temp) ; 

} 

str = buf . toString { ) ; 
return str; 
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} 

} 

Retrieved messages are also stored in a local cache for improved 
performance. 

5 

2c. Configurable Custom Fields 

In the preferred embodiment, the Saba persistence mechanism provides 
built-in support for configurable, runtime definable, custom fields for any object. 
The basic mechanism is extremely simple. An administrative user 
10 interface is provided by which the meta-data definition of a given class can be 

extended by adding (or removing) custom attributes as needed. For each custom 
attribute, the user only needs to provide some very basic information about the 
type of the field, whether or not it is required, constraining minimum and 
maximum values for nvimeric fields, and a constraining fist if the field is to be 
15 validated against a list of possible values. 

The SabaObject implementation then simply picks up these fields during 
its normal marshalling and unmarshalling of arguments. Further, the SabaObject 
also performs the basic checks for nullity as it would normally do. 

To save and restore the custom fields, the actual algorithms are extended 
20 from the ones shown earlier. Jn the case of insert or update the following 

additional lines are called after the line marked (1) in the algorithm shown earlier: 
After invoking the basic method M 

Marshall all custom field data into the appropriate data structure 
Invoke the insert/update method for storing the custom data 
25 structure. 

In the case of restore, the following lines are added to the original 
algorithm after the line marked (2): 

Invoke the custom field fetch 

Unmarshall all custom field data and update the relevant fields in 
30 the SabaObject. 
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The actual storage where the custom field data for any given instance is 
stored, consists of a single table as defined below. All the custom field data is 
stored as tag-value pairs in typed columns. 

Fgtddcustom 

5 This common table provides the storage area for all data stored in the 



extended custom fields for a given object. 



Column. Name 


Type 


Rq? 


Description 


Id 


OBJECTID 


Y 




owner_id 


OBJECT ID 


Y 


Which object this custom 


attr_id 


OBJECTID 


Y 


Refer to the attribute 
for which value is 
stored . 


attr_type 


INT 


Y 


Type of the custom field. 
This matches the attr_type in 
the fgt dd_attr table and is 
a denormalization of the 
same . 


Num value 


Number 


N 


Value is stored here if it is 
Numeric type 


Str_value 


Varchar (25 
5) 


N 


Value is stored here if 
it is String type 


Date value 


Date 


N 


Value is stored here if it is 
Date type 



3 Core Services 

10 

BDK also provides a set of core services to perform useful operations on 
business objects. Some of these services include: 

Security. BDK provides extremely fine-grained security 
1 5 control to control whether specific users have privileges to perform 
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operations such as creating or viewing a particular class of business object. 
The system is unique in that it provides a flexible model of security roles 
and security lists to assign a set of privileges to distinct groups of users, 
and it employs a scalable notion of domains to differentiate among sets of 
business objects. The security model is explained in detail in a separate 
section below. 

- Auditing. BDK provides the ability to track the history of all 
changes to an object, including the date of a change, the identity of the 
user making the change, and a justification for the change. 

Internationalization (il 8n). BDK provides utilities for allowing 
business objects to be internationalized. Internationalization is a 
standardized process wherein message content, money amounts, dates and 
various other culture specific data are kept in separate files in order to 
permit an easy change from one countries language and cultural rules to 
another. This comprises both storing values of business objects in 
multiple languages and supporting multiple formats for date, currency, and 
other data types that vary among countries. 

Concurrency. BDK provides concurrency services for 
controlling overlapping write operations on multiple instances of an 
object, while permitting multiple reads at the same time. This is achieved 
via comparison of an instance-specific timestamp when committing of an 
object's state to the persistent store is requested. The timestamp is 
updated whenever the state of an object is altered and the object is 
successfully committed to persistent storage. 

Transaction Management. BDK provides two types of 
transactional services: procedural and declarative. In the former case, a 
developer explicitly marks the beginning and end of a unit-of-work using 
BDK's API. In the latter case, a developer can associate a transactional 
attribute with a method, and the BDK's Transaction Monitor keeps track 
of initiating and terminating transactions, as well as executing a method 
within the scope of an on-going transaction, based on run-time context. 
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- Logging. BDK provides logging functionality that can be used 
for capturing system state and operations in one or more logs. 

- Notification. BDK provides the ability to send notifications, 
such as emails or faxes, to predefined categories of users when the state of 

5 identified business objects changes. For example, everyone subscribed to 

a class may receive a page if the class is cancelled. 

- Business Rules. In a preferred embodiment, for example, 
Saba's learning application provides a set of pre-defined business rules 
that affect the workflow and behavior of various business objects in the 

1 0 system. The BDK provides a mechanism to enable and disable these 

business rules. For example, a customer can configure whether a 
manager's approval is required to register for a class. Similar business 
rules can be handled for other types of applications. 

- Notes. BDK provides the ability to associate arbitrary, free- 
15 form text, or "notes," with any business object in the system. 

4 Application Programming Interfaces 

In the preferred embodiment, the BDK exposes Application Programming 
20 Interfaces (APIs) for use in programming the system. A variety of APIs with 

equivalent fimctionality are supported on top of the persistence framework. The 
system supports both propriety and industry-standard forms of Java API, as well 
as XML-based APIs. 

25 a. SabaObiect API 

One Java API is a proprietary "SabaObject" interface to a business object. 
A SabaObject is a Java class defining a set of operations common to all business 
objects, including the ability to get and set properties using a variety of data types 
30 and the ability to save and restore an object's state. Specific business object 
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classes can subclass SabaObject to add functionality and business logic 
appropriate to that class. 

The Java interface for SabaObject is the following: 

5 

public class SabaObject { 
/ * * 

* SabaObject Constructor 

10 * Creates a new empty Saba object in the context of the 

given session. 

*/ 

public SabaObject (String sessionKey) ; 

15 /* methods to set attribute values as different datatypes 

*/ 

public void setAttrVal ( String attrName, Boolean attrVal) ; 
public void setAttrVal (String attrName, Timestamp 

attrVal) ; 

20 public void setAttrVal (String attrName, Integer attrVal); 

public void setAttrVal (String attrName, BigDecimal 

attrVal) ; 

public void setAttrVal (String attrName, String attrVal); 
public void setAttrVal (String attrName, Object attrVal); 

25 

/* methods to restore attribute values as different 
datatypes */ 

public String getAttrVal (String attrName); 
public String getStringAttrVal (String attrName) ; 
30 public Integer getlntegerAttrVal (String attrName); 

public Timestamp getTimestampAttrVal (String attrName); 
public BigDecimal getBigDecimalAttrVal (String attrName) ; 
public Boolean getBooleanAttrVal (String attrName) ; 

35 /** 

* Gets a hashtable of the attribute values. 
*/ 
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public Hashtable getAttributeValues () ; 
/ * * 

* Returns the display label for the named attribute 
*/ 

public String getAttributeLabel ( String attrName) ; 



/* save, restore, and delete methods */ 
10 public void save(); 

public void save (SabaTransact ion tr) ; 
public void restore (); 

public void restore (SabaTransaction tr) ; 
public void delete () ; 

15 } 

In the preferred embodiment, as part of a business object's creation, the 
business object author provides four SQL statements corresponding to selection, 
deletion, insertion, and updating of the object. Pointers to these statements are 

20 provided as part of the metadata for the object as stored in fgt_dd_class. The first 

two (selection and deletion) types of statements take a single bind variable, 
namely, the id of the object. The other two take the id as well as all other attribute 
values in the order declared in the metadata for that object's attributes in the table 
fgt_dd_attr. The order of retrieval of attributes in the selection statement must 

25 also match such order. 

Upon receiving a request to create an in-memory representation of an 
object through the "restoreQ" method, BDK retrieves the selection statement for 
that class of objects, binds the variable to the id of the object that is desired to be 
30 restored, executes the statement, and fills in an instance-specific hashtable of 

attribute-value pairs with the values so retrieved. In addition, a standard SQL 
statement is executed to retrieve the value of extended custom attributes, and the 
results are again inserted in the aforementioned hashtable. For the 
"restore(SabaTransaction tr)" variant of this operation, the execution of these SQL 
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statements is done using the database connection contained in tr, the transaction 
argument. When executing the "deleteQ" method, the object is marked for 
deletion. Upon a subsequent call to "saveQ" or "save(SabaTransaction tr)," BDK 
checks for the state of the object. If it is an object that has been marked for 
deletion, the deletion SQL statement as supplied by the business object author is 
executed after binding the id, using the database connection in the transaction 
argument for the "save(SabaTransaction tr)" case. Other possibilities upon 
execution of the save operation are that the object instance is new, or it is an 
altered state of an existing object, hi these cases, the statements corresponding to 
insertion and updating are executed, respectively, after the replacing the bind 
variables with attribute values from the hashtable in the order specified in 
metadata. Li the case of insertion, BDK automatically generates a unique id for 
the object that is reflected both in the persistent storage and the in-memory 
representation. 

hnplementation of the setAttrValQ and get<type>AttrVal() involve setting 
and accessing values in the hashtable, respectively, using the provided attribute 
name as the key. get Attribute Values() returns a copy of the object's hashtable 
whereas getAttributeLabelQ looks up the attributes' metadata and returns the label 
corresponding to the chosen attribute. 

4b. SabaEntitvBean API 

Another Java API is based on the industry-standard Enterprise JavaBean 
(EJB) model. This model has a notion of "entity beans" that provide the interface 
to specific business objects. Accordingly, the persistence fi-amework provides a 
EJB-based abstract class, "SabaEntityBean" that implements the 
javax.ejb.EntityBean interface. The SabaEntityBean class provides default 
implementations of the following methods: ejbActivateQ, ejbPassivateQ, 
ejbRemoveO, setEntityContext(), ejbCreateQ, ejbLoadQ, ejbStoreQ, and 
unsetEntityContext(). Implementations of the ejbLoadQ, ejbStoreQ, ejbCreate, 
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and ejbRemoveQ methods rely on the selection, update, insertion, and deletion 
statements declared as part of metadata (please refer to the discussion of the 
implementation of SabaObject's API). Other methods are implemented as empty 
stubs that can be overridden by a developer if desired. 

In addition to defining the bean class, to implement an EJB one also needs 
to define a corresponding remote interface, a home interface, and, for entity beans, 
a primary key class. The remote interface is the external world's view of the bean 
and is comprised of the business methods that the bean wishes to expose. The 
getters and setters for the bean's attributes are also exposed through the remote 
interface. The home interface declares the life-cycle methods, such as those for 
creating, removing, or finding beans. 

In the preferred embodiment, the BDK provides two interfaces, 
ISabaRemote and ISabaHome, which a bean can extend for defining remote and 
home interfaces, respectively. The ISabaRemote interface extends the standard 
EJB interface EJBObject and provides the following sets of methods: 

• void setCustomAttrVal(String attr, <type> value), and 

• <type> getCustomAttrVal(String attr) 

for Boolean, Timestamp, String, Integer, Float, and Double data types. 
The ISabaHome interface provides a layer of abstraction over the standard EJB 
interface EJBHome. The BDK also defines a class SabaPrimaryKey (a thin 
wrapper aroimd the String class) which can be used by entity beans for defining 
primary keys. 

4c. Session Manager APIs 

The EJB model also has a notion of "session beans," higher-level 
interfaces that represent business processes. In the preferred embodiment, the 
BDK has standardized on the use of session bean-based interfaces as its public 
API; these interfaces are knovm as "session bean managers," and are implemented 
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using the lower-level entity bean APIs provided by the persistence layer. The 
BDK provides a SabaSessionBean base class that defines common session bean 
manager functionality, and a framework for several categories of "helper classes" 
- additional interfaces used in conjunction with specific session bean managers: 
5 ♦ Detail — represent immutable detail information about a 

specific business object 

• Handle— represent opaque references to a business object 

• Primitive - represent commonly used data structures, such as 
addresses and full names 

10 

4d. XML Interfaces 

In the preferred embodiment, the BDK also provides XML-based 
interfaces for saving and retrieving business objects; these interfaces provide the 
1 5 communication layer with the other Platform servers and components. 

One XML format is known as "Saba Canonical Format" (SCF). It is an 
XML serialization of the data in a SabaObject. The Interconnect server system 
reads and writes SCF to implement the AccessorReader and ImporterWriter for 
20 the native Saba system; refer to the Interconnect server section for more details. 

An example fragment of an SCF document, representing a business object 
defining a specific currency, is: 

<SabaObject type="com. saba .busobj . SabaCurrency" 
25 id="crncy000000000000001" status= "existing" > 

<name dt :type=" string ">US Dollars</name> 
<time_stamp 

dt :type=" string "> 199812 16 164 7032 90 0</time_stamp> 

<short_name dt :type="string">USD</ short_name> 
30 <flags dt :type="string">llGOOOOOOO</flags> 

</SabaObj ect> 



sf- 1028086 



47 



Docket No.3 60322000900 



In the preferred embodiment, another XML interface is the "IXMLObject" 
interface. An IXMLObject is a Java object capable of serializing itself into an 
XML representation. The detail, handle, and primitive helper objects used by 
session bean managers all implement this interface. The WDK server system uses 
5 these objects to generate dynamic web content by invoking the session bean 

manager APIs, then serializing the resulting objects into XML; refer to the WDK 
section for more details. 



The IXMLObject interface conforms to the "Visitor" design pattern, and is 
10 defined as follows: 



public interface IXMLObject { 
I ** 

15 * Accept a visitor. An implementation should ask the 

Visitor to visit each of its public elements (i.e., fields or 

properties) . 

* 

* ©param visitor The XML Visitor object 
20 */ 

public void acceptXMLVisitor (IXMLVisitor visitor) throws 
XMLVisitorException; 

/ ** 

25 * Get the preferred tag name for this object. 

* ©return the tag name to identify 
*/ 

public String getTagName ( ) ; 

} 

30 Note: a "visitor" object is one which has processes which represent an 

operation to be performed on the elements of an object structure. A visitor lets 
one define a new operation without changing the classes of the elements on which 
it operates. Visitor objects and their operation and use are described in more 
detail at pages 331-344 of Design Patterns ,by Gamma, Helm, Johnson, & 
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Vlissides, Addison- Wesley 1995, ISBN 0-201-63361-2 which are hereby fully 
incorporated herein by reference. Those skilled in these arts will recognize that 
various other implementations of these algorithms and concepts maybe developed 
without departing from the spirit and functionality of this invention. Additional 
background information can be found in 

Enterprise JavaBeans Specification, vl.l (can be fovmd at 
url=java.sun.com/products/ejb/ docs.html), and in other sections of the book titled 

Design Patterns ,by Gamma, Helm, Johnson, & Vlissides, Addison- 
Wesley 1995, ISBN 0-201-63361-2 which are hereby fully incorporated herein by 
reference. 

Alternative embodiment 

An alternative embodiment of the BDK business apphcations server may 
be described as follows, using the context of how a developer and user would use 
this portion of the system. In an alternative embodiment, the developer's use is 
outlined in the context of a BDK development kit which would be provided by 
Applicants for use in developing applications which can run on the Platform and 
by way of indicating some details unique to the Platform through a description of 
a use of the Business Development Kit. 

In the alternative embodiment, the Business Server embodies a 
development kit framework which provides a set of interfaces and classes in the 
form of Java packages, identifies certain services that developers can rely on, and 
defines an application development model. The framework relies extensively on 
the server-side component model espoused by Java, namely Enterprise JavaBeans 
(EJB) components. Selection of EJBs as the server-side component model is 
driven in part by the requirements of reliance on open standards and backward 
compatibility. Using EJBs also enables integration with other Java 2 Enterprise 
Edition (J2EE) technologies such as Java ServerPages (JSP) and servlets that one 
would intend to use for web applications development. Furthermore, a number of 
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EJB-enabled application servers available in the marketplace could be used to 
deploy the components so developed. 

In the alternative embodiment, the development kit classes and interfaces, 
the services, and the application development model are discussed in greater detail 
5 in the next three subsections. 

Classes and Interfaces 

The BDK interfaces and classes address the followfing needs. 

1 . Provide an additional layer of abstraction (by vrating wrappers around base 
Java classes) to provide a richer level of functionality needed by SABA 
applications and to allow future modifications with minimal impact on the 
client application code. 

2. Expedite component development by providing default implementations (that 
can be overridden) of certain required interfaces in EJB. 

3. Define certain interfaces that must be implemented by classes used for 
specific purposes (an example is that a class must implement a certain 
interface if its instances are used in a JSP page). 

4. Define certain classes that are necessary to provide basic services, such as data 
partitioning and logging, as well as utility classes for expedited application 
development. 

5. To the extent possible, eliminate application server dependencies in areas 
where the EJB Specification is currently not vendor independent. 

In the alternative embodiment, the following discussion of is backgrovmd 
for a discussion of the usage and types of EJBs within the context of the 
development kit described in more detail below. 

Metadata Support 

In the alternative embodiment, one of the facilities provided by the 
development firamework is that characteristics of business objects can be varied 
30 across deployment. For example, for an attribute, one can optionally specify 

whether it has a required attribute, the list of values (LOVs) that the attribute can 

50 

sf- 1028086 



10 



15 



20 



25 



Docket No.360322000900 



assume, its default value, and its minimum and maximum values. The values can 
be different across installations, as different customers have different 
requirements. To achieve this flexibility, metadata about the business objects and 
their attributes is captured in the system. 

In the alternative embodiment, some of the metadata that is currently 
captured about a class or an attribute could be dynamically determined using the 
Java reflection API. Examples include the parent ID and attribute count for 
business objects and attribute type for an attribute. The Java reflection API 
provides classes Class and Field that can be used to retrieve such information. 
Furthermore, instead of building a hashtable-based infrastructure for storing and 
retrieving attribute values, one can use methods like set and get in the Field 
class to operate directly on the attributes, which are declared as member variables 
of the class. 

The classes Class and Field by themselves, however, may not provide 
the rich functionality needed by certain applications. For instance, there is no way 
to indicate minimum and maximum values of an attribute in the Field class. 
Thus, what is needed is to create new classes that provide wrappers around 
Class and Field and capture the additional information. In the interest of 
consistency with previously used names while avoiding conflicts at the same time, 
two new classes maybe used: SabaPlatf ormClass (inherits from Class) 
and SabaPlatf ormAttribute (inherits from Field). In addition to the 
functionality provided by Class (e.g., for getting parent class), 
SabaPlatf ormClass provides for such additional functionality as domain- 
based attributes and getting fixed vs. extended custom attribute counts. Similarly, 
SabaPlatf ormAttribute provides functionality for LOVs, default value, 
and minimum and maximum values. (As we will discuss later, the classes 
SabaPlatf ormClass and SabaPlatf ormAttribute themselves are 
beans — or, entity beans to be more specific — in this alternative embodiment 
system.) 
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The classes SabaPlatf ormClass and SabaPlatformAt tribute 
will not be used directly by users of business components (though developers of 
such components will use them). Typically, the user of these classes will be a 
class SabaPlat f ormObj ect. In some instances, SabaPlatf ormObj act 
will make use of the functionality provided by these classes as part of an operation 
(e.g., when setting the value of an attribute, SabaPlat fortnObj ect will use 
SabaPlat formAt tribute to determine the minimimi and maximum value 
constraints), hi other cases, SabaPlatf ormObj ect will delegate an operation 
directly to one of these classes (an example would be retrieving the superclass of 
an object). SabaPlatf ormObj ect implements a set of methods for getting 
and setting attribute values that provide a centralized point for capturing the logic 
for such things as auditing and constraint checking, and are used by subclasses of 
SabaPlatf ormObj ect. 

In this alternative embodiment, a component user will not interact directly 
with even SabaPlat f ormObj ect. Instead, the component user will deal with 
a specialization of either a SabaEntityBean or a SabaSessionBean, 
which are discussed in the next subsection. 

Beans 

In the alternative embodiment, components based on Enterprise JavaBeans 
(EJBs) will be a basic building block for developing applications using the BDK. 
Below we provide a brief overview of EJBs. Those skilled in these arts will 
understand that various books and documents on the "java.sun.com" web site 
provide additional details on this subject. There are two types of EJBs: 

1 . Entity Beans, and 

2. Session Beans. 

Entity beans are used for modeling business data and behavior whereas 
session beans are used for modehng business processes. Examples of entity beans 
could be SabaClass (a training class, not a Java class), SabaPerson, and 
SabaRegistration. Entity beans typically would map to objects (tables) in 
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the persistent data store. Behaviors associated with an entity bean typically would 
relate to changing the data in the bean. 

An example of a session bean could be SabaRegistrar, which uses the 
entity beans mentioned above and encapsulates the business logic associated with 
5 certain tasks, such as registering for a class. Session beans are not persistent, 

though changes in data of certain entity beans or their creation or removal could 
result from the actions of a session bean. A session bean can be stateful or 
stateless. A stateful session bean maintains state information specific to the client 
using it, such that results of invocation of a method may depend upon the methods 

10 invoked earlier on the bean. (An example of a stateful session bean would be 

SabaShoppingCart , which would keep track of items in an order as they are 
being added, to be followed by either placement of the order or clearing of the 
cart.) This is typically done by storing client-specific data in instance variables of 
a bean, which are then used by the methods to accomplish their task. A stateless 

1 5 session bean does not maintain any state specific to a client. An example of a 

stateless session bean would be SabaTaxCalculator, which provides 
methods for computation of sales and other taxes. 

hi the alternative embodiment the development kit would provide two 
abstract base classes: SabaEntityBean and SabaSessionBean. (Whether 

20 a session bean is statefiil or stateless is indicated in something called a 

deployment descriptor.) These classes implement the 

j avax. ejb . EntityBean and j avax . ejb . SessionBean interfaces, 
respectively. The intent is to provide a default implementation of certain required 
methods to enable rapid development of components, yet allow a component to 

25 override the default implementation of the methods it chooses. The 

SabaEntityBean class provides default implementations of the following 
methods: ejbActivate () , ejbPassivate () , ejbRemove () , 
setEntityContext ( ) , ejbCreate ( ) , ejbLoad ( ) , ejbStore ( ) , and 
unsetEntityContext ( ) . Implementation of the ejbRemove ( ) and 

30 ejbCreate 0 are discussed in the next subsection. The other methods in the 
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list by default have an empty implementation. The SabaSessionBean class 
provides default (empty) implementations of the first four methods in the 
preceding hst.SabaEntityBean inherits from SabaPlatf ormObj ect and 
provides attributes common to all the entity beans, (such as namespace) and has a 
method toXML ( ) that ensures that all entity beans will provide an 
implementation for serializing their data to an XML representation. In other 
words, SabaEntityBean implements an interface ISabaXMLRenderable 
(explained later) and provides two convenience methods: 

findUsingRQL (String rql) and findUsingRQLURI (String URI) 
to locate specific entity beans using RQL. 

In addition to defining the bean class, to implement an EJB one also needs 
to define a corresponding remote interface, a home interface, and, for entity beans, 
a primary key class. The remote interface is the external world's view of the bean 
and is comprised of the business methods that the bean wishes to expose. The 
getters and setters for the bean's attributes are also exposed through the remote 
interface. A developer must implement these methods by calling the 
getAttrVal ( ) and setAttrVal ( ) methods available in 
SabaPlatf ormObj ect to take advantage of services like constraint checking 
and auditing. The home interface declares the life-cycle methods, such as those 
for creating, removing, or finding beans. 

The development kit provides two interfaces ISabaRemote and 
ISabaHome, which a bean can extend for defining remote and home interfaces, 
respectively. The ISabaRemote interface extends the standard EJB interface 
E JBOb j ect and provides the following sets of methods: 

• void setCustomAttrVal (String attr, <tYpe> 
value) , and 

• <type> getCustomAttrVal (String attr) 

for Boolean, Timestamp, String, Integer, Float, and Double 
data types. The ISabaHome interface provides a layer of abstraction over the 
standard EJB interface E JBHome. The BDK also defines a class 
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SabaPrimaryKey (a thin wrapper around the String class) which can be 
used by entity beans for defining primary keys. 

One final interface defined in the BDK for EJBs is 
I S abaXMLRende r ab 1 e . This interface extends the 

j ava . io . Serial izable interface and defines a single method, toXML ( ) . 
Only classes that implement this interface are eligible to act as return types of 
methods that are going to be invoked fi-om a Java ServerPage. 

In the alternative embodiment the BDK would come with a few 
prepackaged beans. One is a stateless session bean named 
SabaPlatf ormLogin that can be used to authenticate a user. Another is an 
entity bean named SabaNameSpace, which encapsulates characteristics of a 
namespace, including its place in the hierarchy and the list of users who have 
access to entity beans in that namespace. The namespace is used for data 
partitioning and seciirity purposes. 

Relationships 

Another area in which the BDK provides support is relationships amongst 
entity beans. In an object model, relationships between different classes are 
arranged in four categories: inheritance, association, composition, and 
aggregation. During implementation, the inheritance relationship is captured by 
extending a subclass fi-om a superclass. The other three types of relationships 
entail constraints between the classes being related. For instance, a composition 
relationship implies commonality of life span (i.e., destroying the "whole" should 
result in destruction of the "components") and an association relationship implies 
referential integrity constraints (i.e., creating an instance of a class which refers to 
a non-existent interface of another class is not permitted). In an alternative 
embodiment, such relationships can be captured through constraints in the 
database. 

In the alternative embodiment, the BDK will provide a 
SabaRelat ionship class, that has attributes for the name of relationship, the 
type of relationship, the source class and attribute, and the destination class and 
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attribute. The SabaRelationship class will encapsulate lifetime 
management constraints implicit in each of the different types of relationships. 
Thus, if an object is being removed and it is declared to have compositional 
relationship with some other objects, the SabaRelationship class will ensure 
5 the removal of the related objects. Similarly, when creating an object, the 

SabaRelationship class will ensure that referential integrity constraints are 
being satisfied. The SabaEntityBean class will delegate calls to the 
SabaRelationship class within its ejbRemove () and ejbCreate () 
methods- Any implementation that a component developer provides for these 

1 0 methods for a specific bean would have to call super . e j bRemove ( ) or 

super . e j bCreat e ( ) as appropriate. 

In the alternative embodiment, an attribute capturing the list of 
relationships (where each item in the list is of type SabaRelationship) will 
be defined in the SabaEntityBean class. By default (i.e., at 

15 S abaEnt i t yBean level), the list will be defined to be empty. When 

component developers create an entity bean by extending SabaEntityBean, 
they will be able to declaratively specify relationships between the bean being 
created and the other beans in the system. Additional relationships may be added 
to existing beans too when a new bean is created. 

20 In the alternative embodiment, besides lifetime management, the declared 

relationships could also be used for navigational purposes within the object 
model. As an example, consider a situation where the SabaRegistration 
bean is related to the SabaClass bean, which in turn is related to the 
SabaLocation bean. One would like to be able to retrieve attributes of the 

25 location (say, the map) of the class, given a registration. A new class, 

SabaCompositeRelationship will allow one to compose navigational 
paths in terms of basic SabaRelationship objects. Then, given a source 
object and the name (or id) of a composite relationship, the 
SabaCompositeRelationship class will be able to fetch the destination 

30 object(s). 
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Vendor-Specific Wrappers 

In the alternative embodiment, when some areas within the J2EE 
specifications are still not standardized and are left up to individual vendors for 
implementation, additional facilities will be needed. To prevent vendor-specific 
implementation details from migrating into SABA code, the BDK would provide 
a class Saba J2EEVendor that provides a wrapper around vendor-specific 
implementations. SabaJ2EEVendor provides static methods that can be used 
to perform activities in a vendor-neutral fashion in SABA code. An example 
method in SabaJ2EEVendor is getlnit ialContext ( ) , which 
encapsulates the logic for getting an initial context (at present, the mechanism for 
this is vendor-dependent). To use a particular vendor's implementation of J2EE 
specifications, one will have to provide implementations of the methods in this 
class. By default, the BDK will provide implementations of this class for a few 
selected J2EE servers. 

Miscellaneous Classes 

In an alternative embodiment, in addition to the foregoing, the BDK also 
provides the following utility classes that can be useful for developing 
components: SabaProperties, DateUtil, FormatUtil, LocaleUtil, 
SystemUtil, and Timer. Also, the following exception classes are supported: 
SabaException, SabaSecurityExcept ion, SabaFatal -Exception, 
AttributeNotFoundException, and 

SabaRelationshipViolationException. For logging purposes, the 
BDK provides a SabaLog class and for debugging purposes, the BDK provides a 
SabaDebug class. The functionaUty provided by the foregoing classes is similar 
to that available currently. 

The use of the various classes and interfaces discussed in this section is 
described in the "Application Development Model" section. 
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Services 

A number of services are required by application developers to develop 
robust, flexible, and scalable systems. A number of these services are provided by 
the commercially available application servers that host the EJB components. In 
the following paragraphs we discuss the various services that an application 
developer can rely on and how these services might be used. 

Distributed Components 

One of the key ingredients for building scalable systems is the ability to 
distribute components. In the EJB model, different beans can be deployed on 
different computers transparently. Separation of interfaces from the 
implementation enables automated generation of stubs and skeletons that hide the 
details of network communications. A chent application (or a bean that relies on 
another bean) (Subsequent references to a client application should be interpreted 
to be inclusive of beans that rely on other beans) uses a naming service to first 
locate the bean and then interact with it, thus making no assumptions about 
location of any given component. 

Naming 

As alluded to in the previous paragraph, before using a bean, it must first 
be located. All EJB application servers are required to provide Java Naming and 
Directory Service (JNDI) access for bean users. To use JNDI, a client application 
would typically first get an "initial context" (driven by properties such as where to 
find the EJB server, somewhat analogous to the JDBC connect string for locating 
a database), and then using the context, look up the home interface of the bean by 
its name. Using the home interface, the client can find a specific instance of a 
bean, create a new instance, or remove an instance. The naming service would be 
used and the interaction would be the same even if the bean instance is present 
locally (i.e., exists in the same Java Virtual Machine) instead of being deployed 
on a remote machine. 
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The JNDI naming mechanism also obviates the need for the 
SabaClassRegistry mechanism that is used at present. The client 
application looks for a bean by a name (say, Authent icat ion). Any bean 
class that provides the implementation of the remote and home interfaces can be 
deployed against that name in the application server. Thus, at one installation, the 
default bean class SabaPlat f ormLogin can be deployed with a name of 
Authentication, whereas at some other installation, the bean class 
SabaLDAPLogin can be deployed with the same external name to use a 
different authentication logic. 

Persistence 

One of the benefits of using EJBs is that component developers do not 
have to worry about persistence of data, as the container hosting the (entity) beans 
can manage such persistence. Automatic persistence service provided by the 
appUcation server enhances the productivity of bean developers, is more efficient 
at runtime, and allows the bean's definition to be independent of the type of data 
store used for persistence (e.g., a relational database or an object-oriented 
database). A component developer will be responsible for declaring part or all of 
the attributes of an entity bean as persistent in its deployment descriptor, and then 
mapping them to fields in a database at deployment time. The interface and 
mechanism of such mapping would depend upon the application server being 
used. 

The bean is automatically saved to the persistent store when it is created 
by a client application using the create ( ) method, and when the container 
decides to synchronize the bean's state with the database if the bean's data has 
been changed by the client application. The container's decision is based on such 
factors as transactions, concurrency, and resource management. The container 
will remove the data from persistent store when the remove ( ) method is called 
by a client on an entity bean. 
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Concurrency 

A component developer does not have to worry about concurrent access to 
an entity bean from multiple transactions (such as from several client 
applications). It is the responsibility of the container hosting the bean to ensure 
synchronization for entity objects, hideed, use of the keyword synchronized is 
prohibited by the EJB Specification. Concurrent access for session beans is not 
meaningful, since by definition an instance of a stateful session bean can be used 
by only one client and stateless session beans do not maintain any data that needs 
to be shared. 

Transactions 

For transactions, an application developer has two options: 1) to explicitly 
demarcate the boundaries of a transaction, or 2) to use declarative transactional 
management available with EJBs. Use of declarative transactional management is 
cleaner and is strongly recommended. In this case, the level of granularity for 
managing transactions corresponds to methods in a bean. Instead of interleaving 
transaction boundaries within business logic, transactional attributes are 
separately declared in the bean's deployment descriptor (for a specific method, or 
as the bean's default) as one of the following six options: 
TX_NOT_SUPPORTED, TX_SUPPORTS, TX_REQUIRED, 
TX_REQUIRES_NEW, TX_MANDATORY, TX_BEAN_MANAGED. Details 
of these can be found in books on EJB. 

Security 

As discussed earlier, application developers can use a stateless session 
bean, SabaPlatf ormLogin, to authenticate a user. In the deployment 
descriptor for every bean, access control entries are defined which list the 
identities (users or roles) that are allowed to invoke a specific method 
(alternatively, an access control list can act as the default for all the methods in a 
bean). According to EJB Specification, each client application accessing an EJB 
object must have an associated j ava . security .Identity object (generally 



sf-1 028086 



60 



Docket No.360322000900 



associated at login time). The general Security system used in the present 
invention was discussed in more detail above. 

Read/Write/ Arbitrary Privileges 
Search 

To locate an instance of an entity bean, each entity bean provides a method 
f indByPrimaryKey 0 in its home interface. In addition, other finder 
methods (which must be named in accordance with the pattern 
f ind<criterion>) can also be provided. With container-managed 
persistence, the container generates the implementations of such methods 
automatically at deployment time. The mapping of finder methods to the database 
is vendor-dependent at present, though a standardized syntax for the same is a 
goal of EJB 2.0 Specification effort. In the meantime, a developer can implement 
the finder methods in terms of f indUsingRQL ( ) and f indUsingRQLURI ( ) 
methods available in SabaEntityBean. 

Logging & Debugging 

A component may be used by multiple applications in an interleaving 
fashion. 

An application could have components distributed over multiple 
computers - how to assemble a unified log - use a "log server" bean - heavy 
performance price, impacts debugging class too. 

Turning on and off debugging on a component basis. Mechanics of how 
to do it without having runtime checks every time a method in Debug is called. 
What if one app wants a component to turn debugging on whereas another wants 
to turn it off. 

Application Development Model 

In the alternative embodiment, to develop an application using the BDK, 
an object model of the application domain should be first developed, retaining a 
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separation between objects that represent business processes and those that 
represent business data. The two types of objects, obviously, map to session 
beans and entity beans in EJB parlance. A controller object, for instance, would 
indicate a session bean whereas an object that persists its data would indicate an 
entity bean. An application would typically also include UI components (such as 
JSP pages or servlets) which would use such business components. Thus, there 
are two primary roles from an application development standpoint: 

1 . component developer, and 

2. component user. 

It is possible that an individual may play both the roles. Indeed, a 
component developer may need to rely on another component, and thus be a user 
as well as a developer. We will first look at the role of a component developer in 
the next subsection, and then look at the responsibilities of the component user. 
Finally, we will look at how an apphcation can be packaged in this alternative 
embodiment. 

Component Developer 

To create a component, a developer needs to perform the following steps. 

1 . Define the remote interface of the component. 

2. Define the home interface of the component. 

3. Define the bean class. 

4. Create the deployment descriptor of the component. 

As an example, one will build a simple SabaPerson component. 
SabaPerson is a container-managed entity bean useful for explaining some 
basic concepts in EJBs and the BDK fi-amework. One then illustrates issues 
surrounding business logic coding, transactions, and persistence in a question- 
answer format. Note that for simplicity's sake, package, import, 
try/catch/finally, etc., statements are not included in the following code 
segments. 

The Remote Interface 

public interface SabaPerson extends ISabaRemote { 
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public String getFullName ( ) throws RMIException; 
public String getFirstName ( ) throws RMIException; 
public String getLastName ( ) throws RMIException; 
public void setFirstName (String name) throws 
5 RMIException; 

public void setLastName (String name) throws RMIException; 

} 

The remote interface provides the business methods or the world's view of 
the component. In our case, we have a single method that a client can use to get 
10 the person's full name. Also recall that iSabaRemote already declares 

setAttrVal ( ) and getAttrVal ( ) methods for manipulating the attribute 
values (such as f Name and IName declared in the bean class), so they don't need 
to be declared again. 

The Home Interface 

15 public interface SabaPersonHome extends ISabaHome { 

public SabaPersonEJB f indByPrimaryKey (SabaPrimaryKey id) 

throws FinderException, RMIException; 
public Collection findByName (String fName, String IMame) 
throws FinderException, RMIException; 
20 public SabaPersonEJB create (String fName, String IName) 

throws CreateException, RMIException; 

} 

For container-managed beans, the container automatically provides an 
implementation of the f indByPrimaryKey ( ) method and generates the code 
25 for other finders (such as findByName ( ) ) from an external description, which 

pending EJB 2.0 Specification, is vendor-specific. 
The Bean Class 

public class SabaPersonEJB extends SabaEntityBean { 
public String id; 
30 public String fName; 

public String IName; 

public String getFullName ( ) throws RMIException 
{ 

35 return (fName + IName) ; 
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} 

public String getFirstName ( ) throws RMIException 
{ 

return (String) getAttrVal ("fName") ; 

5 } 

public void setFirstName (String name) throws RMIException 

{ 

setAttrVal ("fName", name) ; 

} 

10 

public void ejbCreate (String fName, String IName) 
{ 

this. id = IDGenerator .getNewID 0 ; 
this. fName = fName; 
15 this.lName = iName; 

} 

public void ejbPostCreate (String fName, String IName) 
{ 

// No action needs to be taken. 

20 } 

] 

The bean class provides implementations for the business methods 
declared in the remote interface. Note that the fields in the bean class are declared 
to be public. The EJB Specification require this for container-managed persistent 

25 fields. Furthermore, this is also required by the setAttrVal ( ) and 

getAttrVal ( ) methods for fields that should be accessible via this methods 
(the methods use reflection to locate the fields). The consequences of such 
visibility are limited, however, because the user of a bean only interact with the 
bean through the home and remote interfaces. It is not possible for a client to 

30 directly assign values to or retrieve values from such pubhc fields without going 

through the accessor and mutator methods defined in the remote interface. 

For each different signature of create ( ) method in the home interface, 
corresponding ej bCreate ( ) and ejbPostCreate { ) methods need to be 
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defined in the bean class. The code for the bean class is consistent with this 
requirement. 

The Deployment Descriptor 

In EJB Specification vl.l (which can be found at thejava.sun.com web 
site), the deployment descriptor is an XML file that declares such things as 
container-managed persistent fields and security and transactional characteristics 
of the bean and its methods. The following example shows part of a deployment 

descriptor. 

<en.tity> 

<description> 

This is part of the deployment descriptor of the 
SabaPerson entity 
bean . 

</description> 

<ejb-name>SabaPerson</ejb-name> 

<honie>com. saba . examples . SabaPersonHome</home> 

<remote> . . . </remote> 

<ejb-class> . . . </ ejb-class > 

<prim-key-class> . . . </ prim-key-class > 

<persistence-type>Container</persistence-type> 
<cmp-f ield>id</ cmp-f ield> 
<cmp-f ield>fName</ cmp-f ield> 
<cmp-f ield>lName< /cmp-f ield> 



<container- transact ion> 
<method> 

<e jb-name>SabaPerson</e jb-name> 

<me t hod - name > * < / method - name > 
< /method > 

<trans-attribute>Supported</ trans -attribute> 
</container- transact ion> 
</entity> 
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In EJB Specification 1.0, the deployment descriptor is a text file with a 
somewhat different format. The deployment descriptor is generally created using 
a GUI tool, generally suppHed by EJB Server vendors. Additional information on 
deployment descriptors can be obtained from EJB hterature and tool manuals. 
5 Depending upon the kind of business logic, there are different ways of 

encoding business logic in EJBs. Of course, implementation of the methods 
declared in the remote interface of a session bean or an entity bean encodes 
business logic. In addition, EJB provides "hooks" or callback methods for 
implementing additional types of business logic. We have already seen the 

10 ejbCreateO and ejbPostCreate ( ) methods that one can use in a manner 

analogous to insert triggers in a relational database. Similarly, the method 
e j bRemove ( ) (implemented with an empty body in SabaEnt ityBean and 
SabaSessionBean) can be overridden to encode logic related to deletion of a 
bean. For example, if we wish to encode the logic that if a person is removed, all 

1 5 the class registrations for that person should also be removed, we can override the 

e j bRemove ( ) method within SabaPer son in the following manner. The 

e j bRemove ( ) method is called just prior to actual removal of the data from the 

persistent store. 

public void ejbRemoveO 
20 { 

/* Locate the home interface (regnHome) for the 
** SabaRegistration bean (code not shown) 
*/ 

25 Collection regns = (Collection) 

regnHome . f indByPersonID (this . id) ; 

Iterator iter = regns . iterator () ; 
while (iter .hasNext ( ) ) { 

SabaRegistrationEJB registrn = 
30 (SabaRegistrationEJB) 

iter . next ( ) ; 

registrn . remove ( ) ; 

} 
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} 

Other callback methods are e j bLoad ( ) , e j bStore ( ) , 
ejbActivate ( ) , and ejbPassivate ( ) . 

In the alternative embodiment, transactional integrity can be maintained as 
follows. Consider a session bean which, as part of its remote interface, has 
declared a method cancel Class ( ) that encapsulates the business process of 
canceling a class. As part of class cancellation, we also wish to, say, remove the 
registration records of the persons registered for the class. The registration 
information is maintained by SabaRegist rat ion entity beans. Hence, within 
the implementation of cancelClass ( ) , besides updating some attribute of the 
SabaClass entity bean to indicate cancellation, we would also encode logic for 
finding the SabaRegistrat ion entity beans corresponding to that class and 
then removing them. However, either all these activities must succeed atomically, 
or no change to persistent store should be made (i.e., the activities constitute a 
transaction). This would be accomplished by declaring a transactional attribute of 
TX_REQUIRED for the method cancelClass { ) in the bean's deployment 
descriptor. If the calling client or bean already has a transaction started, the 
method will then be executed within the scope of that transaction; otherwise, a 
new transaction will automatically be started for this method. 

How can 

In an alternative embodiment, complex data types can be persisted for 
container-managed entity beans as follows. Suppose there is an entity bean with 
an attribute that has an array of strings as a data type. Since relational databases 
do not support such a data type, one cannot directly map the attribute to some 
column in a database. However, at save time, one can potentially convert the 
array into a single String by concatenating the elements within the array and using 
a marker character to dehneate various entries. Then, at retrieval time, one can 
look for the marker character and reconstitute the array. Entity beans provide two 
callback methods, e j bStore ( ) and ej bLoad ( ) that can be used for such a 
purpose. SabaEnt ityBean by default provides empty implementations of 
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such methods. An appUcation developer can override these methods within the 
definition of a bean and thus persist complex data types. 

hi the alternative embodiment, every class in an application does not have 
to be a bean, hideed, with the overhead of locating a bean through a naming 
service and going through the home and remote interfaces of a bean to perform 
useful work would negatively impact performance (though some servers will 
optimize the process for beans located within the same virtual machine). The 
apphcation developers c^ implement selected classes as helper classes and not as 
beans. Sun Microsystems' J2EE Application Programming Model identifies 
certain instances where helper classes are applicable. One such example is 
dependent classes that can only be accessed indirectly through other classes 
(beans). Sun's J2EE APM offers CreditCard and Address classes as 
examples of a dependent classes. 

EJBs are packaged as EJB jar files that are comprised of the .class files for 
the bean class, the home interface, the remote interface, the primary key class (if 
applicable), in addition to the deployment descriptor and a manifest. The jar file 
can be created using the j ar apphcation supphed with JDK, or by using some 
GUI firont-end utility provided by the J2EE server being used. The deployment 
mechanism varies with the servers. For Weblogic server, an entry can be made in 
the weblogic . properties file; for Sun's reference implementation, the 
deploy tool utility can be used to achieve this in an interactive manner. 

At present, the EJB Specification does not provide a mechanism for 
declaring such constraints, and this would have to be achieved programmatically 
in the create ( ) and mutator method(s) of the entity beans. 

Component User 

As described above, in the alternative embodiment, a partial example of 
usage of a component was described in the context of business logic encoding. 
This section provides a fuller picture of how a component is used in an alternative 
embodiment, by either another bean or a client application. The primary steps in 
both the cases are the same: 
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1 . locate the home interface of the bean; 

2. using the home interface, create a new instance or find one or more 
existing instances of the bean; and 

3. invoke the bean's methods to accomplish tasks. 

To locate the bean, JNDI is used. There are some variations in how JNDI 
calls are used with different EJB servers. Here we use the 

get Init ialContext ( ) method in the SabaJ2EEVendor class for locating 

the SabaRegistration bean. 

InitialContext ctxt = 
SabaJ2EEVendor .getlnitialContext () ; 

Object objref = ctxt . lookup { "SabaRegistration" ) ; 
SabaRegistrationHome regnHome = (SabaRegistrationHome) 
PortableRemoteOb j ect . narrow (ob j ref , 

SabaRegistrationHome . class) ; 

Once the home interface of the bean is so located, we can use it to create 

new instances of the bean or find existing ones. In an earlier example, we had 

used the home interface for finding instances of a bean. Another example, this 

time for creating an instance, is presented below. 

SabaRegistration regstrn = regnHome . create (personlD, 
classID) ; 

Subsequently, we can invoke business methods of the bean simply as 
follows. 

regstrn. setAttrVal (feePaid, true) ; 

In addition to the foregoing, additional methods (implemented by the bean 
container) are available for getting a bean's metadata (from which its primary key 
class, remote interface class, etc. can be obtained), comparing two beans for 
identity, etc. Many of these methods are used in building tools, such as those for 
deployment purposes. If additional information about these methods is needed, 
please consult the available EJB literature. 

Those skilled in these arts will understand that various other alternative 
embodiments of a business apphcation server system and related development kit 
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for developers, may be designed around these basic concepts without deviating 
from the unique features provided by applicants in this invention. 
SECURITY SYSTEM 

In a preferred embodiment of the present invention, the Platform's BDK 
519 provides an extremely powerful model for assigning security; that is, defining 
the sets of allowed operations that groups of users can perform. It supports both 
extremely sophisticated definitions of an allowed operation and a scalable model 
for assigning and partitioning secxirity. Specifically, the following features are 
provided: 

• Security operations can be specified according to either the general class 
of business object or to specific, individual business objects. 

• Support for both shared security operations (view, update, delete, etc) and 
business-object specific security operations. 

• Security operations can be assigned based on a customizable partitioning 
of business objects into domains. 

• Security operations can be assigned based on either universal or domain- 
specific user groupings. 

Definitions 

The following concepts are central to the Platform's Security Model. 

A Security List Member is any entity that can be assigned privileges in the 

system. Members can be can be individual users of the system (employees or 

customers); they can also be associated with generic roles, such as a system 

administrator, or even an automated process, such as an Interconnect 

ChangeManager. 



A Privilege is a set of one or more possible security operations. There are several 
types of privileges as shown below in Table 1: 



Category 


Description 


Example 


Atomic Privilege 


The most fine-grained form 
of privilege. Defines a 


Create, Delete 
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single type of security 
operation. 




Component Privilege 


An Atomic Privilege 
applies to a specific 
category of business object 


Create Class, 
View Registrations, 
Confirm Internal Order 


Instance Privilege 


An Atomic Privilege 
applied to a specific 
business object 


Yiew the "Monthly 
Cancellations" Report 


Complex Privilege 


A grouping of one or more 
privileges 


Create, modify, and delete 
classes 



Table 1 

The Platform 501 supports several pre-defined atomic privileges that apply to all 
business objects. The pre-defined atomic privileges are shown below in Table 2. 

5 



Privilege 


Description 


New 


Create a new instance of this business 
object 


View 


View summary or detail information about 
an existing business object 


Edit 


Change information about an existing 
business object 


Delete 


Delete an existing business object 


Change Domain 


Set the domain of an existing business 
object 



Table 2 

Specific categories of business objects can also define additional 
privileges specific to that category. For example, the following component 
10 privileges only apply to the "Purchase Order" business object: 

• Change Expiry Date 

• Change Initial Credit 

• Change Status 

• Change Terms 

1 5 Domains are the Platform's 501 partitioning mechanism for business objects. 

Domains allow users to define a hierarchical structure that models their 
organization or business, for example, based on geography or division. 
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For example, the following simple example shows a three-domain organization, 
with a root "World" domain and two child "US" and "Europe" domains. 



World 



US 



Europe 



5 All business objects are assigned a specific domain and belong to that 

domain. In turn, security privileges are assigned on specific domains. The 
domain hierarchy is automatically enforced during security checks. This means 
that users who have access to a domain can access objects in that domain, and that 
users who have access to ancestors of a given domain also have access to objects 
10 in that domain. 

Extensions to the basic domain model may include the ability to define 
multiple, independent domain axes. For example, one domain hierarchy might be 
based on geography, another on business fimction. 

15 

Security Lists are the mechanism by which members are matched with privileges. 
A Security List defines a set of domain-specific privileges and a set of list 
members. Security Lists are created in a two-step process as follows: 

• First, a set of privileges are added to a security list, where each privilege is 
20 applied to a specific domain. A privilege within a security list - that is, a 

privilege applied to a specific domain - is known as a "granted privilege." 

• Second, a set of members are added to a security hst. 

Privileges are calculated at runtime based on all the security Ksts a user 
25 belongs to. At least one of the lists must contain a required privilege in the 

appropriate domain. This combined use of privileges and security lists supports 
two paradigms for administering security across domains: 
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1. A centralized approach wherein global administrators define security lists 
that contain a set of (privilege, object, domain) triples, that is, one security hst can 
apply across different domains. The same global administrators assign members 
to security lists. 

2. A decentralized approach wherein global administrators define complex 
privileges that contain a set of (privilege, object) pairs with no domain 
information. These serve as "security roles", effectively, global security lists that 
are domains-independent. Administrators for individual domains then define 
domain-specific security hsts containing these privileges. The domain 
administrators assign members in their domain to security hsts. 

The following example shows how privileges work in practice. 

Two security hsts are shown below in Table 3 and Table 4 containing the 

following granted privileges: 



"Customer" Security List 



Privilege 


Business Object Category 


Domain 


View 


Class 


World 


Create 


Order 


US 


Table 3 

"US Instructor" Security List 


Privilege 


Business Object Category 


Domain 


View 


Class 


World 


Create 


Class 


US 


Delete 


Class 


US 


Create 


Conference Room 


US 


View 


Conference Room 


World 


Schedule 


Projector 


US 



Table 4 



For purposes of this example, also assume that the instances of business objects 
shown below in Table 5 exist: 
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Business Obiect Category 


Business Obiect 


Domain 


Class 


English 101 


US 


Class 


Spanish 101 


Europe 


Conference Room 


Purple Room 


World 


Conference Room 


Lavender Room 


US 


Projector 


Projector 1520 


Europe 


Projector 


Projector 1120 


US 



Table 5 

If User 1 only belongs to "Customer" security list, Userl can perform the 
following operations: 
5 . View Class "English 101" 

• View Class "Spanish 101" 

• Create a new Order for Class "English 101" 

However, User 1 is not permitted to perform the following operations: 
10 • Order the class "Spanish 1 0 1" to be taken in Europe [because this would 

require a Order with a domain of "Europe"] 

• View the Purple Room 

• View the Lavender Room 

1 5 If Userl belongs to both the "Customer" and "US Instructor" security lists, then 

User2 can peform the following operations: 

• View Class "English 101" 

• Create a class "English 1 0 1 " in the "US" domain 

• View the Lavender Room 
20 • View the Purple Room 

• Schedule Projector 1 1 20 

However, User2 is not permitted to perform the following operations: 

• Create a new Order for Class "Spanish 1 0 1 " to be taken in Europe 
25 • Create a class "French 1 0 1" in the "Europe" domain 

• Schedule Projector 1520 
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The Persistence Layer of the BDK 519 automatically takes account of the 
predefined atomic privileges (new, view, etc) in its behavior. Thus, search results 
using standard finders will only return objects for which a user has view 
privileges, and update operations for which a user does not have privileges will 
5 automatically throw a Security exception, hi addition, the BDK 519 provides the 

ability to explicitly query the security model using the API described below. 

Security System API 

The BDK 519 provides a Java-based API for managing security. As 
10 described in the BDK section, this API uses an EJB-style session manager named 

"SabaSessionManager" and a set of helper classes. 

The API includes: 

15 1 . A set of interfaces representing the basic concepts in the security model. 

// IPrivilege - The base class of privilege. A Privilege is 
anything that can be added to a Security List. 

public interface IPrivilege; 

// lAtomicPrivilege - A single allowable operation 
20 public interface lAtomicPrivilege extends IPrivilege; 

// IComponentPrivilege - A single allowable operation on a specific 
object class. 

public interface IComponentPrivilege extends lAtomicPrivilege; 

25 

// IlnstancePrivilege - A single allowable operation on a specific 
object instance. 

public interface IlnstancePrivilege extends IComponentPrivilege; 

30 // IComplexPrivilege - A structured privilege, capable of grouping 

other 

atomic or complex privileges. 

public interface IComplexPrivilege extends IPrivilege, IHandle; 
35 // Domain - A business object representing an entry in the Domain 
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hierarchy 

public interface Domain extends IHandle; 

// ISecurityListMember is any interface that can be a member of a 
5 security list, including IRole, IParty (IPerson or lOrganization) , 

or IGroup 

public interface ISecurityliistMember extends IHandle; 

// ISecurityList matches granted privileges to a set of members 
10 public interface ISecurityList extends IHandle; 

2. A set of concrete classes capturing the available privileges in the system. 
These classes are application-dependent; i.e. there are one set of classes associated 
with the Learning application built on Platform, another set associated with the 
15 Performance application, etc. 



For example: 

public class InstancePrivileges implements 
IlnstancePrivilege { 

20 /* Define the set of common atomic privileges that 

apply to all objects in the system. */ 

public static final int kEdit =2; 

public static final int kDelete = 3; 

public static final int kView = 5; 

25 } 

public class ComponentPrivileges implements 
IComponentPrivilege { 

/* Define the set of common atomic privileges that 
apply to all components in the system. Notice that 
30 this class includes all atomic privileges that apply 

to instances */ 

public static final int kNew = 1; 
public static final int kEdit =2; 
public static final int kDelete = 3; 
35 public static final int kView = 6; 

} 

public class PurchaseOrderPrivileges extends ComponentPrivileges 
{ 
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// Privileges specific to the Purchase Order business 
ob j ect 



public 


static 


final 


int 


kChangeDomain = 7 ; 


public 


static 


final 


int 


kChangeStatus = 11; 


public 


static 


final 


int 


kChangeTerms = 12; 


public 


static 


final 


int 


kChangelnitialCredit = 13; 


public 


static 


final 


int 


kChangeExpiryDate = 14 ; 


public 


static 


final 


int 


kChangeCurrency = 15; 



} 

2. The interface of the manager used to create and manage security Usts. 

public interface SabaSecurityManager extends ISabaRemote { 

/* methods for creating and updating security lists */ 

public ISecurityList createSecurityList (SecurityDetail detail); 
public SecurityDetail getDetail (ISecurityList theSecurityList) ; 
public void update ( ISecurityList theSecurityList, 
SecurityDetail detail) ; 

public void remove (ISecurityList theSecurityList); 

/* methods for adding & removing privileges to security lists 

*/ 

public void addPrivilege ( ISecurityList theList, IPrivilege 
thePrivilege , Domain theDomain) ; 

public void removePrivilege ( ISecurityList theList, IPrivilege 
thePrivilege, Domain theDomain) ; 

/* methods for adding & removing members from security lists */ 
public void addMember ( ISecurityList theList, 
ISecurityListMember theMember) ; 

public void removeMember (ISecurityList theList, 
ISecurityListMember theMember) ; 

/* methods to check privileges */ 

public boolean isMember (ISecurityList theList, 
ISecurityListMember theMember) ; 

public boolean hasPrivi lege (ISecurityListMember theMember, 
lAtomicPrivilege thePrivilege, Domain theDomain) ; 

public Collection getPrivileges (ISecurityListMember theMember, 
IComponent theComponent , Domain theDomain) ; 



/* standard finder */ 
public ISecurityList findSecurityListByKey (String id); 
public Collection f indSecurityListByName (String name) ; 
public Collection f indAllSecurityLists ( ) ; 
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} /* SabaSecurityManager */ 

The following code fragment demonstrates how the Security API can be used to 
5 create a new security list, assign users to that security list, and check privileges for 

that user. Note that this code example uses several other session bean managers, 
such as a DomainManager and PartyManager, provided as part of Platform. 

/* step 1: create a security list */ 
10 String privName = "Guest"; 

String privDescription = "Guest login and access"; 
Domain domain = 

theDomainManager . f IndDomainByKey ( " domin 0 00000000001000 

") ; 

15 string domainID = domain. getid () ; 

SecurityDetail theDetail = 

new SecurityDetail (privName, privDescription, 
domainID) ; 

ISecurityList securityList = 
20 theSecurityManager . createSecurityList (theDetail) ; 

/* Step 2: grant privileges by adding them to the list */ 
IComponent classesComponent = 

theComponentManager . getComponent ( " Classes " ) ; 

25 

/* create atomic privileges and add them */ 
IPrivilege viewClasses = (IPrivilege) 

new ComponentPrivileges (ComponentPrivileges . kview, 
classesComponent) ; 
30 theSecurityManager . addPrivilege ( securityList , 

viewClasses, domain) ; 

IComponent groupComponent = 

theComponentManager . getComponent ( " Product Group" ) ; 
35 IPrivilege viewGroups = (IPrivilege) 

new ComponentPrivileges (ComponentPrivileges . kView, 
classesComponent) ; 
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theSecurityManager . addPrivilege (securityList , viewGroups , 

domain) ; 

/* Step 3: assign a member to the security list */ 
5 ISecurityListMember member = (ISecurityListMember) 

thePar tyManager . f indEmp loyeeByKey ( " emploO 0 000000000100 

0 " ) ; 

theSecurityManager . addMember { securityList , member) ; 

10 /* Step 4: check a user's privileges */ 

IPrivilege editClassPriv = (IPrivilege) new 

ComponentPrivileges (ComponentPrivileges . kEdit , 
classesComponent ) ; 

boolean canEditClasses = 
15 theSecurityManager .hasPrivilege (member, 

editClassPriv, domain) ; 

Best Mode 

In a preferred embodiment, the Platform's BDK security API focuses on the 
20 database structures and SQL used to store and query security information. It also 

touches on the algorithms used in implementing the Java API. 



Information related to security is stored database tables as shown below. The 
Platform's BDK Security System uses Java code to read and write values to these 
25 database tables. 



fgt_domaiii stores all domains as shown below in Table 6. 



Column Name 


type 


Required? 


Description 


id 


OBJECTID 


y 




description 


varchar <255) 


n 


Long descriptive string 
for the domain. 


name 


varchar (25) 


y 


Name of the domain 


Parent id 


OBJECTID 


N 


ID of the parent domain 



30 Table 6 
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fgt_ss_privs stores all atomic privileges as shown below in Table 7a. 



Column Name 


Type 


Required 

? 


Description 


id 


OBJECTID 


Y 




obj ect_type 


OBJECTID 


Y 


object id (data dictionary 
class id) to which the 
privilege applies. 


priv_name 


varchar (80) 


Y 


a description string for 
the privilege. 


priv_seq 


INT 


Y 


a number which identifies 
the type of privilege. 

1 => New 

2 => Edit 

3 => Delete 

4 => Save 
etc . 

Note : 1 - 5 common to all 
classes 11 onwards -- 
class specific. 



Table 7a 

For example, in Table 7b below, the following data captures the available 
privileges for the Purchase Order business object. Notice that the values in the 
priv_seq column directly correspond to the constants defined by 
PurchaseOrderPrivileges class defined in the Java API. 



id 


obj ect_type 


priv_name 


priv_seq 


ssprvOOO 000 000 001008 


pycat 0 00 0 00 0 000 0103 6 


New 


1 


ssprvOOO 00 0 00 0 002008 


pycatO 000 00 0 000 01036 


Edit 


2 


ssprvOOO 000 000 003 00 9 


pycatOOO 000 0 00 0 01036 


Delete 


3 


ssprvOOO 000 000 01 0175 


pycatOOO 0 00 0 00 001036 


View 


6 


ssprvOOO 000 000 010224 


pycatOOO 000 0 00 0 010 3 6 


Change Domain 


7 


ssprvOOO 000 00 0 007 12 0 


pycatO 000000 00 0 010 36 


Change Status 


11 


ssprvOOO 00 000 0007 121 


pycatOOOOOOOOO 001036 


Change Terms 


12 


ssprvOOO 00 0 00 0 00 7 122 


pycatOOOO 00000 001036 


Change Initial 
Credit 


13 


ssprvOOO 00 0 00 0 00 712 3 


pycat 00000000000 
1036 


Change Expiry 
Date 


14 



Table 7b 



fgt_list stores all security lists as shown below in Table 8a. 



Column Name 


Type 


Rq? 


Description 


id 


OBJECTID 


Y 




description 


varchar (255) 


N 


Description of this list 
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name 


varchar (25) 


Y 


Name of the list 


owner id 


OBJECTID 


N 


The owning object of this list if 
any . 


security 


BOOLEAN 


Y 


0 = Not a security list, 

1 = Security List. 



Table 8a 

For example, in Table 8b below, the following data defines a security list to 
capture generic user privilges: 

5 



id 


name 


description 


security 


listaOO 0 00 0 00 0 002003 


User 


A generic low-privileged user 


1 



Table 8b 



fgt_list_entry stores all members of a security list as shown below in Table 9. 

10 



Column Name 


Type 


Rq? 


Description 


id 


OBJECTID 


Y 




list id 


OBJECTID 


Y 


Foreign key to a security list 


person id 


OBJECTID 


Y 


Foreign key to a list member. The 
object ID may be a person, role, 
or group . 



Table 9 



fgt_ss_grants stores all granted privileges as shown below in Table 10. 

15 



Column Name 


Type 


Rq? 


Description 


id 


OBJECTID 


y 




granted_on_id 


OBJECTID 


y 


Foreign key to the business 
object class or instance on 
which this privilege is granted. 


granted to id 


OBJECTID 


y 


Foreign key to the security list 
on which this privilege is 
granted. 


privs 


varchar (50) 


y 


50 character bitmap containing 
the granted privileges. 


domain id 


OBJECTID 


N 


Foreign key to the domain on 
which this privilege is granted. 



Notice that this schema shown in Table 10 stores all atomic privileges on a 
(object, domain, list) triple in a single row by appending the integer keys of the 
atomic privilges into a single string. Notice also that the schema shown in Table 
20 10 can capture both: 
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1) privileges on business object classes, by storing the data dictionary 
primary key of the class in the granted_on_id column. 

2) privileges on business object instances, by storing the object id of the 
instance in the granted_on_id column. 

5 

For example, the following row from Table 10 describes a grant that allows 
members of the "Users" security list to create and view orders, but not edit or 
delete them. The "ddcls" prefix (for "data dictionary class") on the granted_on_id 
value indicates that this OBJECTID refers to a business object class. The 1^* and 
10 6* bits of the privs flag are on, providing create and view privileges only. 



id 


granted on id 


granted_to_id 


ssgrnO 00 0 000 000 01264 


ddcls 000 000 000 00105 5 


lista000000000002 003 



privs 


domain id 


100 0 010 00 000 000 000 000 00 0 000 0 000 000 000 0 00 00 000 000 0 0 


dominOO 0 00 0 00 0 000001 



The following row from Table 10 describes a grant that allows the same list to 
15 execute a specific report. The "reprt" (for "report") prefix on the granted_on_id 

value indicates that this OBJECTID refers to a specific instance of the Report 
business object. The 11* bit of the privs flag is on, meaning the grant gives 
Execute privileges only. 



id 


grant ed_on_id 


granted_to_id 


ssgrn0 0 00 00 0002 02 0 56 


reprtOOOOOOOOOOOlOOO 


listaOO 00 00000002 003 



20 



privs 


domain id 


00 00 0 00 00010000 000 0 00 0 00 000 000 000 00 0 00 0 00 0 00 000 000 


dominO 000 000000 00 001 



The Platform's BDK Security System also utilizes an addPrivilege () method. 
The addPrivilegeO method has different logic depending on whether a row 
already exists in fgt_ss_grants for the combination of security list, business object, 
25 and domain. If a row exists, it retrieves the existing row, sets the additional bits 

defined by the IPrivilege parameter, then updates the row. If no row exists, it 
creates a empty privilege bitmap, sets the bits defined by the IPrivilege parameter, 
then inserts a row. 
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The Platform's BDK Security System also utilizes an liasPrivilege() method. The 
addPrivilege () method executes a SQL query to retvim all privilege bitmaps for 
each security Hst the user belongs to that match the target object and domain 
parameters. It iterates through each bitmap and returns true if the privilege has 
5 been set in any one. The SQL query that is executed is: 

/* select all of a user's grants on an class in a given domain, 
parameter 1 = person id 
parameter 2 = class id 
10 parameter 3 = domain id */ 

select g.id, g.privs from f gt_ss_grants g, fgt_list 1, 

f gt_list_entry e where e.person_id = ®@001 and e.list_id = 1 . id 

and 1. security = 1 and 

g . granted_to_id = 1 . id and g . grant ed_on_id = @@002 and 
15 g.domain_id = @@003 

The BDK Persistence layer also contains code that directly accesses these 
database tables to check security privileges. A utility class, SabaPrivileges, 
contains a hasPrivsQ method that is called at predefined points by the SabaObject 
20 and SabaEntityBean implementations, including whenever objects are saved and 

restored. This method has the following signature: 

public boolean hasPrivs (String objectID, String classic, String 
domainID, int privToCheck, boolean anyDomain) 

25 

SabaPrivileges contains a Java hashtable that caches privilege for each business 
object in the system. The hasPrivs() method iterates through these privileges to 
look for a match, using logic similar to the SabaSecurityManager.hasPrivilege() 
method. 

30 

If the cache is empty, SabaPrivileges queries the database to load the appropriate 
privileges. The SQL used is the following: 



35 select s . granted_on_id granted_on, substr ( 

to_char (decode (sum (to_number (substr (s .privs , 1, 1))), 0,0,1)) 

II to_char (decode (sum (to_number (substr (s .privs , 2, 1))), 0,0,1)) 

II to_char (decode (sum (to_number (substr (s .privs , 3, 1))), 0,0,1)) 

II to_cliar (decode (sum (to_number (substr (s .privs , 4, 1))), 0,0,1)) 

40 I I to_char (decode (sum (to_number (substr (s .privs , 5, 1))), 0,0,1)) 

II to_c]iar (decode (sum (to_number (substr (s .privs , 6, 1))), 0,0,1)) 
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10 



15 



20 



25 



30 



35 



40 



45 



50 



to_ 


char 


decode 


sum ( 


to_ 


number 


substr 


s 


privs , 


7, 


1) ) 


, 0, 


0, 


1) 


to_ 


char 


decode 


sum ( 


to_ 


number 


substr 


s 


privs , 


8, 


1) ) 


, 0, 


0, 


1) 


to_ 


char 


decode 


sum( 


to_ 


_number 


substr 


s 


privs , 


9, 


1) ) 


, 0, 


0 , 


1) 


to_ 


char 


decode 


sum 


to_ 


_number 


substr 


s 


privs , 


10 , 


1) ) 


, 0, 


0, 


1) 


to_ 


char 


(decode 


sum 


to] 


number 


substr 


s 


privs , 


11, 


1) ) 


, 0, 


0, 


1) 


to_ 


char 


(decode 


I sum 


to_ 


number 


substr 


s 


privs. 


12, 


1) ) 


, 0, 




1) 


to_ 


char 


(decode 


(sum 


to_ 


number 


substr 


s 


privs. 


13, 


1) ) 


, 0, 


0, 


1) 


to_ 


char 


decode 


sum 


to_ 


number 


substr 


s 


privs , 


14 , 


1) ) 


, 0 , 


0, 


1) 


to_ 


char 


decode 


(sum 


to_ 


number 


substr 


s 


privs , 


15, 


1) ) 


, 0, 


0 


1) 


to_ 


char 


decode 


(sum 


to] 


number 


substr 


s 


privs , 


16, 


1) ) 


, 0, 


0, 


1) 


to_ 


char 


decode 


(sum 


to_ 


_number 


'substr 


s 


privs , 


17, 


1) ) 


, 0, 


0 


1) 


to_ 


_char 


decode 


(sum 


to_ 


number 


[substr 


[s 


privs , 


18, 


1) ) 


, 0, 


0 


1) 


to_ 


_char 


decode 


(sum 


to_ 


number 


[substr 


(s 


.privs , 


19, 


1) ) 


, 0, 


0, 


1) 


to] 


_char 


decode 


(sum 


to_ 


_number 


[substr 


[s 


privs , 


20, 


1) ) 


, 0, 




1) 


to] 


_char 


decode 


(sum 


to_ 


_number 


[substr 


[s 


.privs , 


21, 


D) 


/ 0, 


0 


1) 


to] 


_char 


decode 


(sum 


to_ 


number 


[substr 


(s 


.privs , 


22, 


D) 


, 0 


0 


1) 


to_ 


_char 


(decode 


(sum 


to_ 


_number 


[substr 


s 


.privs, 


23 , 


1) ) 


/ 0 


0 


1) 


to_ 


_char 


'decode 


(sum 


to_ 


_number 


[substr 


s 


.privs, 


24, 


1) ) 


, 0 


0 


1) 


to] 


_char 


(decode 


(sum 


itO_ 


number 


[substr 


s 


.privs, 


25, 


1) ) 


/ 0 


0 


1) 


to_ 


char 


(decode 


(sum 


^to_ 


number 


[substr 


s 


.privs, 


26, 


1) ) 


/ 0 


0 


1) 


to_ 


_char 


(decode 


(sum 


;to] 


_number 


[substr 


s 


.privs, 


27, 


1) ) 


, 0 


0 


1) 


to_ 


_char 


(decode 


(sum 


;to_ 


number 


[substr 


s 


.privs 


28, 


1) ) 


, 0 


0 


1) 


to_ 


_char 


(decode 


[sum 


[to_ 


number 


[substr 


s 


.privs, 


29, 


1) ) 


, 0 


0 


1) 


to_ 


_char 


(decode 


[sum 


[to_ 


number 


[substr 


s 


.privs 


30, 


1) ) 


, 0 


0 


1) 


to_ 


_char 


(decode 


[sum 


(to_ 


_number 


[substr 


[s 


.privs 


31, 


1) ) 


, 0 


0 


1) 


to] 


_char 


(decode 


[sum 


(to] 


_number 


[substr 


(s 


.privs 


32, 


1) ) 


) , 0 


0 


1) 


to_ 


_char 


! decode 


[sum 


(to_ 


number 


[substr 


(s 


.privs 


33 , 


1) ) 


, 0 


0 


1) 


to] 


_char 


(decode 


[sum 


(to_ 


_number 


[substr 


(s 


. privs 


34, 


1) ) 


) , 0 


0 


1) 


to_ 


_char 


(decode 


[sum 


(to] 


_number 


[substr 


(s 


.privs 


35, 


1) ) 


) , 0 


0 


1) 


to_ 


char 


(decode 


[sum 


(to] 


_number 


[substr 


(s 


.privs 


36, 


1) ) 


) , 0 


0 


1) 


to_ 


char 


(decode 


[sum 


(to] 


_number 


[substr 


(s 


. privs 


37, 


1) ) 


) , 0 


0 


1) 


to_ 


_char 


(decode 


[sum 


(to_ 


number 


[substr 


(s 


.privs 


38, 


1) ) 


) , 0 


0 


1) 


to] 


char 


(decode 


(sum 


(to_ 


_number 


[substr 


[s 


.privs 


39, 


D) 


) , 0 


0 


1) 


to_ 


char 


(decode 


(sum 


(to_ 


number 


[substr 


(s 


.privs 


40, 


1) ) 


) , 0 


0 


.1) 


to_ 


_char 


[decode 


(sum 


(to_ 


_number 


[substr 


[ s 


. privs 


41, 


1) ) 


) , 0 


0 


,1) 


to_ 


char 


(decode 


[sum 


(to_ 


_number 


[substr 


[s 


. privs 


42 , 


D) 


) , 0 


0 


,1) 


to_ 


char 


(decode 


(sum 


(to_ 


number 


[substr 


(s 


.privs 


43 , 


1) ) 


) , 0 


0 


,1) 


to_ 


_char 


(decode 


(sum 


(to] 


_number 


(substr 


(s 


.privs 


44, 


1) ) 


) , 0 


0 


.1) 


to_ 


_char 


(decode 


[sum 


(to_ 


number 


(substr 


( s 


. privs 


45 , 


1) ) 


) , 0 


0 


,1) 


to_ 


_char 


(decode 


(sum 


(to_ 


number 


(substr 


(s 


. privs 


46, 


1) ) 


) , 0 


0 


,1) 


to_ 


_char 


(decode 


(sum 


(to] 


number 


(substr 


(s 


.privs 


47 , 


1) ) 


) , 0 


0 


,1) 


to] 


_char 


(decode 


(sum 


(to] 


_number 


(substr 


(s 


.privs 


48, 


1) ) 


> , 0 


0 


,1) 


to] 


_char 


(decode 


(sum 


(to] 


_number 


(substr 


[s 


.privs 


49, 


1) ) 


) , 0 


0 


,1) 


to] 


_char 


(decode 


(sum 


(to_ 


number 


(substr 


(s 


.privs 


50, 


1) ) 


) , 0 


0 


,1) 



,1,50) privs, t.node_id domain_id from f gt_ss_grants s, f gt_list_entry 1, 

tpt_dummy_f lat_tree t where l.person_id = ®001 and 
s . granted_on_id = @003 and l.list_id = s . granted_to_id and 
s.domain_id = t.related_to and (1 .group_label is null or 
1 . group_label = @002) group by s . grant ed_on_id, t.node_id 



The SQL used in this query has two unique features: 
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• It uses a table called tpt_dummy_flat tree that stores the parent/child 
relationships for all domains in the system. This allows it to include a join 
that obtains privileges for both the specified domain and all its parents. 

• It checks the value of the privs field bit by bit, and concatenates the results 
5 together to form a new bitmap that is the union of the bitmap fields for the 

specified domain and all its ancestors. 

The following example data in tpt_dummy_flat_tree shown in Table 11 defines 
the relationships between three domains, where dominOOOOOOOOOOOOOOl is the 
1 0 top-level parent, dominOOOOOOOOOOO 1 000 is its child, and 

dominOOOOOOOOOOOlOOl is its grandchild. 



NODE ID 


RELATED TO 


R 


REL LEVEL 


dominOOOOOOOOOOOOOOl 


dominOOOOOOOOOOOOOOl 


I 


1 


dominOOO 000 000 001000 


dominOOOOOOOOOOOOOOl 


A 


2 


dominOOOOOOOOOOO 100 0 


domino 0 00 0000 000100 0 


I 


1 


dominOOOOOOOOOOOlOOl 


dominOOOOOOOOOOOOOOl 


A 


3 


dominOOOOOOOOOOOlOOl 


dominOOOOOOOOOOOlOOO 


A 


2 


dominOOOOOOOOOOOlOOl 


dominOOOOOOOOOOOlOOl 


I 


1 



Table 11 

15 

WDK SERVER 

The Web Content Server 800 enables the present invention to interact with 
users regardless of the users hardware platforms, locations, and software systems. 
The Web Content Server 800 allows the present invention to overcome the 
20 difficulties of prior art systems associated with having an infrastructure which is 

tightly coupled to application products, specific hardware platforms and specific 
Operating systems and related services. 

The Web Content Server 800 can allow the present invention to interface 
with many other industry standard software programs to make the exchange and 
25 flow of data easy and accurate, and enables interconnection with external systems, 

special networks, like SabaNet, and the Internet. 

The Web Content Server 800 is web-enabled and provides a unified set of 
interfaces for interacting with web based users as well as other users. 
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The Web Content Server 800 can also allow vendors/developers to 
develop applications on the Platform, make use of core technology for 
information matching and distribution, and provide standardized access to 
connectivity with other systems and platforms in a users network. 

As shown in Fig. 8A, one embodiment of an Web Content Server 800 
provides an interface between users 802, 804, and 806 and the Platform. The Web 
Content Server 800 preferably includes an engine 808, style sheet control system 
810 for various user display protocols, a JAVA Virtual Machine 812 and the 
related runtime support. 

The Style Sheet Control System 810 contains mechanisms to manipulate 
various kinds of display style sheets, to generate and execute web links, to 
manage dynamic content generation and dynamic generation of Javascript. The 
Style Sheet Control System 810 also can allow vendors/developers to modify, 
add, or delete the mechanisms in the Style Sheet Control System 810. Thus, 
vendors/developers can customize the presentation of data to the users. 
USER GENERATION OF WEB CONTENT 

Web Content Server 800 can also provide the platform's web content 
generation engine for use by users to create, render, and present web content 
while improving the dynamic acquisition of data from a variety of sources 
followed by its reformatting and display via style sheets. Using web standards for 
XML and XSL, Web Content Server 800 provides a user with a customizable 
framework for decoupling data from presentation, and generating web content in a 
variety of formats, from standard HTML to WML. 

The Web Content Server 800 provides a "page engine" 808 which allows 
users (such as developers, consultants and customers) to build web content using a 
separation between Model, Widget, and View instructions.. The engine 808 
separates data production, interaction elements and display information, and 
maintains these aspect of page production in different files. 

The engine 808 supports three components: (a) Widgets, which are 
reusable interactive components such as buttons and data entry fields; (b) Models, 
which encompass the data and user operations used by the application (Data can 
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be simple Strings or complex objects); and (c) Views, which use style sheets to 
define and control the presentation of output to the user. 

Using the system 808 provides, among other things, the following 
advantages for a user: 

Improve maintainability of web content. 

Partition web content development between users (such as component 
developers, Java developers, and UI developers). 

Provide easy and extensive customizability by users. 

Improve productivity of building web content. 

Provide improved authoring and debugging support. 

Provide the infrastructure for targeting alternate deployment platforms (ie 
palmtops). 

In one embodiment, the engine 808 uses XML, XSLT (extensible 
Stylesheet Language Transformations), and RDF (Resource Description 
Framework), built round a publishing framework called Cocoon to enable the 
functionality of Web Content Server 800. 

The engine 808, in conjunction with a set of tools, utilities, APIs, and 
predefined widgets and views, acts as a platform and provides the user with a set 
of tools, tag and widget libraries, Java classes, and XSL style sheets. Tools 
included with the platform 808 help users perform the following activities: (a) 
Authoring — users need to create and maintain control files, model files, widget 
files, and view files; (b) Debugging — the process starting with obtaining data and 
ending with viewing is involved so having tools or methods for debugging 
problems is essential; and (c) Customization — customizing the final product can 
certainly be accomplished with the tools used for authoring and debugging, but 
additional tools can radically simplify tasks like product upgrades or performing 
simple customizations. 

The platform 808 allows content, logic and style to be separated out into 
different XML files, and uses XSL transformation capabilities to merge them 
resulting in the automatic creation of HTML through the processing of statically 
or dynamically generated XML files. The platform 808 can also generate other, 
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non-HTML based forms of XML content, such as XSL:FO rendering to PDF files, 
client-dependent transformations such as WML-formatting for WAP-enabled 
devices, or direct XML serving to XML and XSL aware clients. 

The platform 808 divides the development of web content into three 
5 separate levels: (a) XML creation - The XML file is created by the content 

owners. They do not require specific knowledge on how the XML content is 
further processed - they only need to know about the particular chosen "DTD" or 
tagset for their stage in the process. This layer can be performed by users directly, 
through normal teeditors or XML-aware tools/editors; (b) XML processing - The 

10 requested XML file is processed and the logic contained in its logicsheet is 

applied. Unlike other dynamic content generators, the logic is separated fi-om the 
content file; and (c) XSL rendering - The created document is then rendered by 
applying an XSL stylesheet to it and formatting it to the specified resource type 
(HTML, PDF, XML, WML, XHTML, etc.). 

15 Dynamic Web Content development using Web Content Server 800 

The Web Content Server 800 can be based on XML, XSLT and Java 
technologies. Using these technologies, the Web Content Server 800 allows for 
easier user interface customization, more flexibility in page functionality, easier 
page maintenance and the creation of more easily reusable code. It encourages the 

20 separation of data production, interaction elements and display information by 

separating different aspect of page production in different files. 

Using platform 808, developing a web page (web content) requires the 
development of the following components: (a) a control file; (b) a model file; (c) a 
view file; and (d) Command Managers and Commands. 

25 The Model contains all the data and interactivity for a given page. Users 

are responsible for generating an XML page containing the raw data they wish to 
display, independent of the appearance of that data or any additional presentation 
information. 

The Model can be implemented using a dynamic page engine (JSPs or 
30 XSPs). In addition, API 808 provides a variety of helper tagsets to automate 
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common scripting operations, minimizing the amount of custom scripting required 
by a user. 

Model Developers are typically Java programmers, since the bulk of 
development effort is implementing a companion Java Bean that invokes the 
appropriate SABA Manager API. They then use the dynamic features of the 
engine (tag libraries and Java scripts) to place data from the bean onto the page. 

The View contains all style and presentation for a given page. Users are 
responsible for implementing an XSLT stylesheet that transforms the model into a 
specific presentation environment. View developers are typically UI designers, 
since the bulk of authoring effort is crafting the HTML for a static page, then 
adding in the set of XSLT tags to create a stylesheet for the associated model 
page. 

Widgets are a set of predefined UI components and presentation elements 
common to web applications. Widgets can have user interactivity (fields, links) or 
be presentation only (images). Widgets can be implemented as XSLT stylesheets. 
The platform 808 includes a predefined set of common widgets that can be used 
by both model and view developers. Note also that developers have the option of 
overriding the default widgets to provide enhanced or custom functionality if 
required. 

The important distinction between tag libraries and widgets is that tag 
libraries are used in the model and are an aid to dynamic content generation, 
whereas widgets are used in the transform step and are an aid to end-content 
generation. Tag libraries can be implemented in Java, whereas widgets are 
preferably implemented as stylesheets. 

Figure SB shows how the engine 808 processes/uses these files to produce 
dynamic web content. 

The process of creating the HTML to send to the browser begins with 
reading the control file, 860. The control file 862 is simply a file that identifies the 
model file 864, the view file 866 and the widget library 868 to use to produce the 
final HTML result 870. The control file 862 also contains link transformation 
information that is used to transform links used in the model file 864. This link 
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transformation is used to map model-file hyperlink references contained in the 
model file 864 to appropriate control file names. 

The model file 864 is loaded and preprocessed based on the information 
contained in the control file 862. The preprocessed model file is executed in three 
5 steps. In 872, any tags fi-om the tag library are processed. The tag library includes 

tags for internationalization, command invocation and widget management, hi 
874, the resulting XML file is then fiirther processed to generate a Java class, hi 
876, the Java class is executed to produce the model instance 878. The model 
instance 878 contains all data and other information needed for display. For 

10 example, the model instance 878 vv^ill contain the XML form of the data retrieved 

by the Commands invoked in the model page and it will contain all 
internationalized labels and widgets, hi 880, the model instance 878 is first 
transformed using the widget library 868. hi 882, the result of the widget 
transformation is then further transformed using the view transformation file 866 

15 to produce the final result 870. 

The process outlined above also highlights how the different aspects of 
developing dynamic web content are separated. The design of a particular web 
page is the result of answering the following questions: (a) What do I do with 
parameters sent firom the browser and what data is needed to display the page? 

20 How do I perform these tasks? (b) How will the user interact with the page? What 

buttons, entry fields etc. will the user have? and (c) How are the data and the 
interaction elements displayed on the page? 

The answer to question (a) results in the model page and the Command 
objects used by the model page. The model page invokes all needed Commands to 

25 perform the tasks of the page and to produce the data needed for display. The 

answer to question (b) produces a hsting of all widgets and their linkages to the 
data being displayed. Although this list is part of the model page, the list of 
widgets and their linkages are all declared in a clearly identifiable part of the 
page. Finally, the answer to question (c) produces the view transformation page. 

30 Page development process 
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Typically the page development process starts with an HTML mockup of 
the page. The Web Content Server 800 development process can start with the 
HTML mockup as well. However, users do not modify this mockup to include 
code. Instead the process illustrated in Figure 8C is followed. 
5 As illustrated in Figure 8C, using the HTML mockup 884, the user 

develops three specifications. The data model specification 886 is developed to 
meet three basic criteria. First, the data model needs to contain enough 
information to drive the interface. For example, if the interface needs to display 
the name of an object, then the data model must contain the object name in some 

10 form. Second, the data model specification should maximize reuse of command 

objects. For example, if a command object already exists that can retrieve a 
needed object in a serialized XML format, then the data model of the command 
object should be reused instead of reinventing a new XML representation of the 
same object. Finally, the data model specification should be generic so other 

15 pages can reuse the model generation components (Commands). How general the 

data model should be is determined by balancing the trade-off between 
performance (since producing more data may incur performance penalty) and 
reusability. If producing a more general data model causes high performance 
penalty, then a less general solution may be better. On the other hand, if adding a 

20 few not needed items comes at no or little performance cost, then the more 

general data model is preferred. For example, objects implementing the 
IXMLObject interface will typically provide more than enough information about 
themselves. The data model specification 886 should essentially be a sample of 
the data returned by the Command objects and the specification XML should be 

25 wrapped in tags. 

The widget specification 888 is a list of widgets needed by the page. These 
widgets include input fields of all types (textboxes, radio button collections, check 
box collections, dropdown lists, hyperlink buttons, etc.). Besides declaring what 
widgets the page needs, the specification 888 can also include how these widgets 

30 relate to the data model. For example, the page may require an edit button widget 

for every object it displays. The widget specification 888 can therefore indicate 
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that the edit button is "attached to" those objects. The widget specification 888 
can be very incomplete, because users (such as view developers) will typically 
only need the name of the widget for layout purposes. The widget library will take 
care of rendering the widget itself 
5 The third specification is the specification of internationalized items 890 

(labels, graphics). The specification 890 includes a list of all labels and images 
used on the page. The specification 890 contains just the name of the label and 
some sample text for the label. 

Once the specifications 886, 888, and 890 are complete, the user or a tool, 

1 0 produces a sample model instance 892. The user can use the model instance 892 

to test the view stylesheet (by using any standard XSLT tool). The user develops 
the view stylesheet by converting the original HTML mockup to an XSLT 
stylesheet to retrieve dynamic data, widgets and internationalized labels from the 
model instance. This conversion process can mostly be done in an HTML editor. 

15 Customizing/modifying a page 

One of the benefits of using the platform 808 for page development is in 
the ease of page customization and page modification. Often the look and feel of 
pages needs to be modified after the initial design. Using conventional systems 
this process was very painfiil: individual pages had to be revisited by software 

20 engineers and tweaked to confirm to the new requirements. These new 

requirements often meant changed look of textual/graphical information (e.g., 
justification of text, font, color), changing the layout (e.g., adding another Save 
button to the bottom of the page, moving buttons and table columns aroimd), or 
adding/removing information content (e.g., display the price of an offering but 

25 don't display the description of the offering). Also, often changes are required 

across pages: e.g., we want every link button to use "Helvetica" instead of 
"Verdana" for its label, and the alt label for the link image should be the same as 
the label of the link itself Sometimes page changes include adding new 
interaction components, e.g. adding a "Cancel" button to the page, or adding an 

30 edit button next to each displayed object. Such changes are much simpler to 

perform using Web Content Server 800. 



sf- 1028086 



92 



Docket No.360322000900 



Modifying text/graphics look and feel 

To change the look and feel of textual and graphical information, the user 
can edit the view page in an HTML tool. The user can add <span>, <div> etc. 
tags around the components needed modification, and define the "style" attribute 
5 to reflect the desired look and feel changes. If the user needs to develop for 

browsers with limited CSS support (e.g., Netscape 4.x), the user can wrap the 
components in <u>, <b>, <font>, etc. tags as needed. 
Layout changes 

The cut/copy/paste commands of the HTML editor can be used to perform 
10 most layout changes requiring the repositioning of different components. 

Dreamweaver, for example, gives users powerful HTML/XML element selection 
capabilities that make it easier to move and copy whole HTML/XML document 
fragments. 

Adding/removing information content 

1 5 Often the model specification will result in the production of more content 

than needed by a particular view. For example, the model for a page that needs to 
display the parents of a particular security domain only may also produce other 
information about the security domain (e.g., the description of the domain). This 
is especially likely when the model page reuses other, already existing command 

20 objects. In such cases displaying additional content can simply be done at the 

view page level: the user needs to place the newly required information 
somewhere on the view page. Removing information items is also very simple, 
since users can simply delete a particular HTML/XML fi-agment if viewing that 
piece of the model is not needed. 

25 Changing look and feel of widgets globally 

The use of widget libraries make it very simple to change the look and feel 
of widgets across pages. Either the widget transformation of the used widget 
library can be changed or an alternative widget library can be developed. In the 
latter case control pages must be updated to point to the new instead of the 

30 original widget library. 

Adding new interaction components 
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If the guidelines for model page design are followed then adding new 
interaction components (e.g., buttons) is a very simple task. Adding a new widget 
(e.g.. Cancel button) means adding a new widget to the widget section of the 
model page AND changing the view page to include the new widget. Since the 
widget section is a separate section of the model page, software engineers (and 
perhaps UI engineers) can make the required change without 
disturbing/interfering with any other part of the model page. 
Components of the platform 808 

The control page associates a particular model page, view page and widget 

library. 

The model page produces the data needed for displaying the page and it 
also defines the widgets (interaction elements, such as links, buttons, input fields, 
etc.) and internationalized resources (labels, graphics) used by the view page. The 
model page has a well defined structure. Model pages can produce XML 
representation of data using command managers and command objects. A model 
page can invoke a command using a tag. After the model page is executed, the tag 
will be replaced with the XML data produced by the selected Command. 

The model instance is the XML document produced by executing the 
model page. 

The view page displays the data and widgets contained in the model 
instance (i.e. the XML document produced by executing the model page). If the 
control page declares a widget library to use, then the view transformation takes 
place after the widgets have already been transformed to the appropriate format 
(e.g. HTML). 

The widget library contains the display transformation for widget 
components. After the model page executes the produced widgets are transformed 
to the appropriate output format (e.g., HTML). The resulting HTML markup is 
wrapped in tags so the view transformation page can easily identify and place 
each widget. 

The tag library contains tags users can use in their model pages to access 
common code functionality. This common functionality includes accessing 
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resource bundles, retrieving page parameters, executing commands, declaring 
widgets, etc. 

Control Page 

The entry point into any platform 808 page is an XML document that 
5 serves as a controller. This page is simply an XML document that points to the 

model, view, and widget documents. This convention creates a clean decoupling 
between the three constituent pages. As an example of the benefit of this 
approach, web content administrators may substitute a different control page in a 
deployment environment; this allows them to use the same model while 
1 0 modifying j ust the view. 

Coding Guidelines 

Pages built using the platform 808 employ certain conventions and coding 
guidelines to ensure consistent operation and simplify some processing steps. 
These coding guidelines include the following: 
15 a. head element 

All model pages must contain a head page element that defines some 
information specific to the model. It is used to capture the following: 
required metadata about input and pass-through parameters 
values of il8n labels. The convention is that all il8n values are obtained 
20 via the il 8n utility tag in the model page; this information is then passed on to the 

stylesheet in a predetermined location within the wdk:head element 
page title and other useful information about the page, 
b. Widget stylesheet 

The widget stylesheet is simply a list of xshincludes of the widgets used 
25 on this page. The widgets can be from the set of predefined widgets or can be 

customized widgets. 

ONE EXAMPLE OF A PREFERRED EMBODIMENT 

In one preferred embodiment, the Web Content Server 800 is a dynamic 
30 content generation framework based on the apache Cocoon project. Like other 

approaches, such as JSP, ASP, ColdFusion etc., the Web Content Server 800 
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would allow developers to create web pages to display data derived dynamically 
through some business logic. Unlike other d3Tiamic content generation 
frameworks, the Web Content Server 800 separates the content from its 
presentation. This separation makes it easier to customize pages, to provide 
5 different versions of pages to different user agents (desktop browsers, handheld 

devices, etc.). 

Content production and presentation separation is achieved by following a 
Model- View- Widget (MVW) paradigm. In this paradigm three distinct 
components are responsible for generating the final output sent to the client 

10 (desktop browser, WAP phone, handheld device). The model page is responsible 

for producing the content as well as the user interaction components (widgets). 
Widget look and behaviors are added during the widget transformation. Finally 
the View transformation provides the look and layout for the content and widgets 
produced by the model page. 

15 File Loading algorithm 

When the Cocoon engine processes the HTTP request, it invokes the 
getDocumentO method of the file producer registered with Cocoon. Web Content 
Server 800 uses a specific file producer (SabaProducerFromFile) to load the 
20 requested file. This file producer uses SabaSite properties to determine the 

location of the requested file. To register the Web Content Server 800 specific file 
producer, the following line is added to cocoon.properties: 

producer . type . file = 
com . saba .web . engine . SabaProducerFromFile 
25 SabaSite 

SabaSite is an object containing a set of properties relevant to a particular 
saba application. These properties include, but are not limited to: 

• File system location of application pages 

• File system location of images 
30 • Name of the site 

• Name of the servlet driving this application 

• Etc. 
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Using the SabaSite object and the associated property file the 
configuration of a given Saba apphcation can be changed with ease. 
The algorithm 

The SabaProducerFromFile uses the request URL to identify the file 
requested. The getDoctiment method of this class performs the following steps: 

1 . Determines the SabaSite based on the request. The SabaSite is 
identified as follows: 

a. Extract the servlet path information from the request 
object using the HttpServletRequest API (getservietPathQ). 

b. If the servlet path ends with a Web Content Server 800 
specific string suffix, then the associated SabaSite name is 
determined by stripping of that suffix. 

c. If the servlet path does not end with the Web Content 
Server 800 specific string suffix, then the system default SabaSite 
name is retrieved using the SabaSite API. 

d. The SabaSite is retrieved using the SabaSite API 

e. Finally the SabaSite is initialized using the request 

object 

2. Uses the SabaSite object to determine the location of all web 
documents by getting the document root property of the site. 

a. Uses the SabaSite API to retrieve the document root 
(getDocumentRootO). 

3. Determines the relative pathname of the requested document 
fi-om the request object. 

a. Uses the HttpServletRequest getPathinf o() API. 

4. Computes the absolute path of the document by combining the 
document root with the relative pathname. 

a. Appends the value of the document root and the relative 
pathname. 

b. Replaces all "\" characters with "/" to make sure the 
absolute pathname has the correct syntax. 

97 
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5. Parses the file identified by the pathname and returns the 

resulting document object model (DOM). 
ControlFile Processing algorithm 

When a client sends a request to a Web Content Server 800 application, 
the above-described process is used to identify and parse the control file. The 
control file is an RDF document that ties the above-mentioned three components 
of the Model-View- Widget paradigm together. 
Control file example 

1 <?xml version="1 .0" encocling="UTF-8"?> 

2 <?cocoon-process type="wdk"?> 

3 <!DOCTYPE rdf:RDF SYSTEM "../control10.dtd"> 

4 <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" 
xmlns:wdk="http://www.saba.com/XIVIL/WDK"> 

5 <rdf:Description id="searchPerson"> 

6 <rdf;type resource-'http://www.saba.com/XML7WDK/Contror7> 

7 <wdk:version>1.0</wdk:version> 

8 <wdk:model rdf:resource="searchPerson.xml'7> 

9 <wdk:view rdf:resource="searchPerson.xsl7> 

10 <wdk:widgets rdf:resource="../xsl/widget/wdk_widgets.xsl7> 

1 1 <wdk:!inks> 

12 <wdk:link model-'searchPerson.xml" control="searchPerson.rdf'/> 

13 </wdk:links> 

14 </rdf.Description> 

15 </rdf:RDF> 



The control file contains a Cocoon processing instruction (hne 2) that is 
parsed by the Cocoon engine. The cocoon engine uses the processing instruction 
to look-up the processor it needs to use to process the document. The Web 
Content Server 800 installation contains the following entry in the 
15 cocoon.properties file: 

processor . type .wdk = 
com. saba . web . engine . ControlFileProcesscr 

This line tells the cocoon engine that the 
com.saba. web. engine.ControlFileProcessor Java class is responsible for 
20 processing all documents that contain a cocoon processing instruction of type= 

"wdk". 

The control file processor performs the following steps: 

1 . Identifies the model, view and widget files. 

2. Parses the model file and creates a DOM representation of the 
25 XML document. 
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3. Inserts in the model file DOM: 

o Cocoon processing instruction to invoke the Web Content 
Server 800 transformer after the model page is executed. The Web 
Content Server 800 transformer is responsible for transforming the 
5 result of the model page using the widget and then the view XSL 

stylesheets. 

o XSLT processing instructions to declare where the widget 
and view transformation stylesheets are located. This information was 
extracted from the control file in step 1 . 
10 4. Updates hyperlinks in the model file based link mapping 

information fovmd in the control file. 

The control file processor returns the document object model containing 
all these updates, and the Web Content Server 800 engine then processes this 
DOM. 

15 Identifying model, view and widget file 

The control file contains the following three properties for encoding the 
three files: 

• wdk:model: the rdfresource attribute of this property is the path to the 
model file. (See line 8 in the example above.) 

20 • wdk:view: the rdfresource attribute of this property is the path to the 

view file. (See line 9 in the example above.) 

• wdk:widget: the rdfiresource attribute of this property is the path to the 
widget file. (See line 10 in the example above.) 

Creating the DOM for the model document 

25 Given the path information in the rdfiresource attribute of the wdk:model 

property, the actual path is computed based on saba site information. The process 
of computing the path is almost identical to the process described under the File 
Loading Algorithm section. The only difference is that if the value of rdfresource 
does not begin with the path delimiter character ("/") then the processor interprets 

30 the path as a relative path from the control file. Once the path is computed, the 

model file is parsed and a DOM representation is generated. 
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Updating the model DOM 

Before the model page (its DOM representation) can be further processed 
by the wdk engine, a cocoon processing instruction <?cocoon-process type= 
"xsp"?> is inserted. This processing instruction instructs the engine to first 
process the model page using the xsp processor (see section below on Custom 
XSP Processor). The control file processor inserts another processing instruction: 
<?cocoon-process type= "wdk_xsl"?>. This processing instruction directs the 
Cocoon engine to use the Web Content Server 800 specific XSLT transformer for 
the transforming steps (see section below on custom XSLT processor). 
Furthermore, two <?xml: stylesheet ...?> processing instructions are also inserted 
in the document object model following the above processing instruction. The 
"href data component of these instructions identifies the widget and view 
stylesheets in that order. The Web Content Server 800 specific XSLT transformer 
will process these two processing instructions to perform the XSL 
transformations. 

The following Java code shows how the processing instructions are 
inserted into the DOM: 

private void insertNextPI(Document doc, Processinglnstruction pi) throws 
ProcessorException 

{ 

try { 

NodeList nodeList ^ doc.getChildNodes(); 
Node theNode=null; 
Node lastPI=null; 
// find last PI 

for (int i=nodeList.getLength()-l ; i >= 0 ; i~) { 
theNode = nodeList.item(i); 
if (theNode.getNodeTypeO = 
Node.PROCES SING_INSTRUCTION_NODE) { 
lastPMheNode; 
break; 
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} 

} 

if (lastPI=null) { 
// cound not find a PI so just get the first node 
5 theNode=nodeList.item(0); 
} else { 

//going to do an insertBefore, so we want to move to the next 
//node so that this new PI gets inserted AFTER the last PI 
theNode=lastPI.getNextSibling(); 
10 if (theNode=null) { 

//should always have at least a root node after a PI 
throw new ProcessorException("Error processing control file: need 
a root node after a processing instruction"); 
} 

15 } // if lastPI==null 

doc.insertBefore((Node) pi, theNode); 
} catch (DOMException e) { 

throw new ProcessorException("Unexpected error processing control 
file: " + e.toStringO); 
20 } 

} /* insertNextPI */ 
Updating link information 

Model pages tj^Dically contain links that allow the model page to invoke 
another page. In order to make model pages reusable with different view pages, 
25 page references in a model page always refer to other model pages. This way 

different control files can reuse the same model page but use two different view 
pages. However, links pointing to model pages have to be transformed to control 
page hyperlinks before the final document is produced, since the request URL has 
to contain information about the control file and not the model file. In order to 
30 perform this transformation, the control file contains information about how to 

map a model page reference to a control page reference. The control file contains 
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a single wdk:links element, which contains a number of wdk:link elements. Each 
wdkrlink element has two attributes: model and control. The model attribute is the 
hyperlink name of a model file, while the value of the control attribute is the 
hyperlink name of the control file. 
5 The control file processor locates the wdkrlink and wdk:links elements in 

the control file DOM using the standard DOM API. Once all wdkilinks elements 
are located, the control file processor inserts a wdkrlinkMap element in the 
wdk:head element of the model DOM, and then inserts one wdk:linkMapEntry for 
each wdk:link found in the control file using the DOM API. The 

10 wdkrliiikMapEntry element has the same attributes as the corresponding wdkrlink 

in the control file. This way the mapping information is made available in the 
model page, and can be used by either the model page itself or the subsequent 
widget and view transformations. For example, the wdkrlink widget makes use of 
this information to transform model page references to control page URLs. 

15 Exampler The model DOM before and after the ControlFileProcessor 

The following code sample shows the XML serialized version of a model 
file before the ControlFileProcessor updated the DOM. 

<?xml version-' 1.0"?> 

<xsp:page language="java" xmlns:xsp="http://www.apache.org/1 999/XSP/Core" 
20 xmlns:wdktags- 'http://www.saba.com/XMUWDK/taglib''> 

<xsp:structure> 

<xsp:lnclude>com.saba. exception. *</xsp:include> 

</xsp:structure> 

25 <wdk:page xmlns;wdk="http://www.saba.com/XMi_/WDK"> 

<wdk:head> 
<wdktags:in> 

<wdktags:param name="sessionKey"/> 

<wdktags:param name="actionKey" required-'false" type="String" default=""/> 
30 <wdktags:param name="personSearch"/> 

</wdktags:in> 
<wdktags:out> 

<wdk:param name="sessionKey" type-'String" required="true''/> 
<wdk:param name="actionKey" type="String" required="false"/> 
35 <wdk:param name="personSearch" type-'String" required="true"/> 

</wdktags:out> 

<xsp:logic> 

Session sabaSession = SessionManager.getSession(sessionKey); 
String desiredLang = (String)sabaSession.getBlob("selectedLanguage"); 
40 </xsp:logic> 

<wdktags:i1 Sn.load resource- ■party_labels"> 

<language><xsp:expr>desiredLang</xsp:expr></language> 
</wdktags:i18n.load> 

<wdk:title><wdktags:i18n.label name="kl18n6000SearchForPeopleLabel"/> 
45 </wdk:title> 
<wdk:labeis> 
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<wdk:!abel name="busUnitLabel"><wdktags".i18n. label 
name="kl 1 8n6008BuslnessU nltLabel"/></wdk:label> 

<wdk:label name="locLabel"><wdktags:l1 8n. label 
name="kl 1 8n6000LocationLaber7></wd k: label> 

<wdk:label name="firstNameLaber><wdktags:i1 8n. label 
name="kl18n6000RegularFirstNanneLabel7></wdk:label> 

<wdk:label name="lastNameLaber><wdktags:l1 8n. label 
name="kl18n6000RegularLastNameLaber/></wdk:label> 

<wdk;labe! name="locationLabel"><wdktags:i18n. label 
name="kl18n6000RegularLocationLaber7></wdk:label> 
</wdk:labels> 
</wdk:head> 

<wdk:form method="GEr'> 
<wdk:hidden_field> 

<name>sessionKey</name> 

<value><xsp:expr>sessionKey</xsp:expr></value> 
</wdk: hldden_f ie!d> 
<wdk:hldden_fie!d> 

<name>actionKey</name> 

<value>search</value> 
</wdk:hldden_field> 
<wdk:model> 

<xsp:logic> 

if (actionKey.equalsC'search")) 
{ 

<people> 

<wdktags:execute 

manager-'com.saba.client.party.beans.PersonCommandlVlanager" command- 'searchForPeople" 
argument="personSearch"/> 
</people> 
} /* if actionKey.equals("searcfi")*/ 
</xsp:logic> 
</wdk:modei> 
</wdk:form> 
<wdk:widgets> 

<wdk:input name="lastNanneField"> 

<label><wdktags:i18n.iabel name="kl18n6000LastNameLaberY></label> 
<id>personSearch</id> 

<value><xsp:expr>personSearch</xsp:expr></value> 
</wdk:input> 
<wdk:link rtame="go"> 

<id>GO</ld> 

<href>searchPerson.xml</href> 
<type>button</type> 

<labei><wdktags:i18n.label name="kI18n6XXXXXGO'V></!abel> 
<prompt><wdktags:i18n.label name="kl18n6XXXXXG07></prompt> 
</wdk:link> 
</wdk:widgets> 

</wdk:page> 
</xsp:page> 

The following code sample shows the same model file after the 

ControlFileProcessor updated the model file. The changes are shown in bold face: 

<?xml version-' 1.0"?> 

<?cocoon-process type="xsp"?> 
<?cocoon-process type="wdk_xsl"?> 

<?xml: stylesheet href="../xsl/widget/wdk_widgets.xsl"?> 

<?xml: stylesheet href="searchPersop.xsl"?> 

<xsp:page language="java" xmlns:xsp="http://www.apache.org/1 999/XSP/Core" 
xmlns:wdktags="http://www.saba.com/XMUWDK/taglib"> 
<xsp:structure> 
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<xsp:inc(ucle>com.saba. exception. *</xsp:tnclude> 
</xsp:structure> 

<wdk:page xmlns;wdk="http://www.saba.com/XMIJWDK"> 
5 <wdk:head> 

<wdktags:in> 

<wdktags : param name="sessionKey"/> 

<wdktags:param name="actionKey" required-'false" type="String" default="'7> 
<wdktags:param name="personSearch"/> 
10 </wdktags;in> 
<wdktags:out> 

<wdk:param name="sessionKey" type="String" required="true"/> 
<wdk:param name="actionKey" type="String" required="false"/> 
<wdk:param name="personSearch" type="String" required="true7> 
15 </wdktags:out> 
<xsp:logic> 

Session sabaSession = SessionManager.getSession(sessionKey); 
String desiredLang = (String)sabaSession.getBlob("selectedLanguage"); 
</xsp:logic> 

20 <wdktags:i18n.load resource="partyJabels"> 

<ianguage><xsp:expr>desiredLang</xsp:expr></language> 
</wdktags:i1 8n.load> 

<wdk:title><wdktags;i18n.label name="kl18n6000SearchForPeopleLaber7> 
</wdk:tltle> 
25 <wdk;iabels> 

<wdk:label name="busUnitLabel"><wdktags:i18n.labe! 
name="kl18n6008BusinessUnitLabel7></wdk:labei> 

<wdk:iabel name="locLabel"><wdktags:i18n.iabel 
name="k 1 1 8n6000LocationLa bel'Vx/wd k: iabel> 
30 <wdk:iabel name="firstNameLaber><wdktags:i18n.label 

name="kl18n6000RegularFirstNameLaberV></wdk:iabel> 

<wdk:iabel name="iastNameLaber><wdktags:i18n.iabei 
name="kl18n6000RegularLastNameLabel7></wdk:label> 

<wdk:iabel name="iocationLabei"><wdktags:i18n. label 
35 name="kl18n6000RegularLocationLabel7></wdk:label> 

</wdk:labels> 

<wdk:linkMap> 

<wdk:lEnkMapEntry model-'searchPerson.xml" control="searchPerson.rdr'/> 
I </wdk:linkMap> 

40 </wdk:head> 

<wdk:form method="GET'> 
<wdk:hidden_field> 

<name>sessionKey</name> 
<vaiue><xsp:expr>sessionKey</xsp:expr></value> 
45 </wdk:hidden_field> 
<wdk:hidden_field> 

<name>actionKey</name> 
<value>search</value> 
</wdk:hidden_field> 
50 <wdk:model> 

<xsp:logic> 

if (actionKey.equalsC'search")) 
{ 

<people> 

55 <wdktags:execute 

manager="com.saba.ciient.party.beans.PersonCommandManager" command-'searcliForPeopie" 
argument="personSearch7> 
</peopie> 
} /* if actionKey.equalsC'search")*/ 
60 </xsp:iogic> 
</wdk: model> 
</wdk:form> 
<wdk:widgets> 

<wdk:input nanne="lastNameField"> 
65 <label><wdktags:i18n.Iab8l name-'kl18n6000LastNameLabel7></label> 
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<id>personSearch</id> 

<va!ue><xs p: expr>person Search</xs p : expr></value> 
</wdk:input> 
<wdk:link name="go"> 
5 <id>GO</id> 

<href>searchPerson.xml</href> 

<type>button</type> 

<labe!><wdktags:i18n.labe! name="kl18n6XXXXXG07></labei> 
<prompt> <wd ktags : i 1 8n. label na me="kl 1 8n6XXXXXG07></prompt> 
10 </wdk:link> 
</wdk:widgets> 
</wdk:page> 
</xsp:page> 

15 Custom XSP processor 

Instead of using the XSP processor of Cocoon, Web Content Server 800 
uses a custom XSP processor. To make this happen, the following line is added to 
the cocoon.properties file: 

processor . type .xsp = com. saba. web . engine . SabaXSPProcessor 
20 This processor adds the following capabilities: 

• Debugging: The Web Content Server 800 XSP processor can produce 
intermediate files representing the documents as the model page is transformed 
from its original form to the Java code that is executed and the actual data that is 
produced by the Java code. These intermediate files can be inspected to locate 

25 the source of a problem more easily. 

• Cache control: For debugging purposes it is important to know that the 
code that executes is the code that the developer has just edited. However, the 
cocoon engine contains a number of caching mechanisms that make this 
assumption incorrect sometimes (ie. The code that's executed is code that is in 

30 the cache instead of code that the developer has just changed). The Web Content 

Server 800 XSP processor allows control over caching. 
Producing intermediate files for debugging purposes 

The SabaXSPProcessor can produce intermediate files as the model file 
goes through the different transformation steps. The helper classes XSPDebugger 
35 and DebuggerConfig are used to control which if any intermediate files should be 

produced. The following properties are introduced in cocoon.properties for 
controlling debugging behavior: 
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• wdkdebugoutput 

• wdkdisablecache 

• wdkdebug 

The wdkdebug property can have the following values: 

• off: No debugging information is produced 

• full: Every intermediate file is produced 

• wdktags: Only the result of the wdk tag library transformation is 

output 

• wdk: Only the result of the widget library transformation is output 

• xsp: Only the result of the xsp transformation is output. 

• model: Outputs the result of executing the Java code produced from the 
model page. 

The wdkdebugoutput property can have the following values: 

• sourcedir: The output files are placed in the same directory where the 
source documents are read from. 

• browser: The output files are sent to the browser 

• repository: The output files are placed in the cocoon repository 
directory. 

The wdkdisablecache can either be "true" or "false". If true the cocoon 
cache is not used. 

The init method of the SabaXSPProcessor creates an instance of the 
DebuggerConfig class, and the process method creates an instance of 
XSPDebugger. The XSPDebugger is a subclass of Debugger and it uses the 
DebuggerConfig object to read the debugger configuration from the 
cocoon.properties file. 
The DebuRger and XSPDebugger classes 

The Debugger has the following API: 

public void readParameters(Dictionary 
parameters, 

DebuggerConfig config); 
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This method initiahzes the Debugger with the current debugging 
property values. 

protected boolean debugThis(String rule); 

The method returns true if the wdkdebug property is either "full" 
5 or matches the rule parameter. 

protected boolean browserOnlyO ; 

The method returns true if the wdkoutput property is set to 
"browser". 

public boolean cacheDisabIed() ; 
10 Returns true if the wdkdisablecache is true. 

The XSPDebugger introduces the following methods: 

public boolean debugLogicsheet(String rule, Document document); 

Returns true if Debugger.debugThis(rule) is true AND if 
Debugger.browserOnlyO is true. If only Debugger. debugThis(rule)is true, 
1 5 then first saves the intermediate result before returning false, 

public void debugFmalXSP(Document document) 

If the the wdkdebug property is full or set to model then the result 
of executing the code produced from the model file is output. 
Custom XSLT processor 
20 The default XSLT processor that comes with Cocoon performs a single 

XSLT transformation only. However, Web Content Server 800 requires two XSL 
transformations after the Java code produces the data. The first transformation 
replaces the widgets with their HTML representation (the widget transformation) 
while the second transformation renders the data (the view transformation). To 
25 make the engine aware of the Web Content Server 800 XSLT processor, the 

following line is added to the cocoon.properties file: 

processor . type .wd.k_xsl = 
com. saba . web . engine . WDK_XSLTProcessor 

The Web Content Server 800 XSLT processor takes as input the document 
30 object model produced by executing the XSP page. The processor extracts the 

xmhstylesheet processing instructions firom the DOM, and executes XSL 
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transformations using the stylesheet documents referred to by the "href data 
element in the processing instructions. (The xml: stylesheet processing instructions 
were inserted in the source document by the control file processor — see the 
ControlFileProcessor algorithm section for details). After each transformation 
5 step, if the debugger flags are set, the DOM is serialized and saved to a text file. 

The following code snippet shows how the widget and view 
transformations are performed: 
try { 

/* get all stylesheets referred to by this document */ 
10 Vector resources = getResources(document, request, context); 

/* apply each stylesheet in turn */ 
Enumeration e = resources.elementsQ; 
while (e.hasMoreElementsQ) { 
Object resource = e.nextElement{); 
15 this.logger.log(this, "Processing stylesheet " + 

resource.toStringO, Logger.DEBUG) ; 
Document stylesheet = getStylesheet(resource, request, 

! xsltDebugger.cacheDisabledO) ; 
Document result = this.parser.createEmptyDocument(); 
20 document = transformer.transform(document, null, stylesheet, 

resource.toStringO, result, params); 
if (xsltDebugger.debugStylesheet(document, resource)) { 
// requested debug output to browser, so done now 
return document; 

25 } 
} 

return document; 

} catch (PINotFoundException e) { 
return docmnent; 

30 } 



sf-1028086 



108 



Docket No.360322000900 



Custom XSP Page class 

Each XSP page (model page) is transformed to a Java object (source code 
generated, compiled and the class is loaded). Li Web Content Server 800 the 
generated Java objects are instances of the SabaXSPPage class, which is a 
5 subclass of the XSPPage class. (The XSPPage class is the default class provided 

by Cocoon.) In order to change the class from XSPPage to SabaXSPPage, the 
following changes had to be made: 

1 . Create a new xsp-java.xsl taglibrary stylesheet based on the 
default stylesheet that comes with Cocoon: 

10 a. Change the class declaration line to extend 

SabaXSPPage instead of XSPPage as follows: 

public class <xsl:value-of select="@name"/> 
extends SabaXSPPage { 

b. Livoke the initialization method specific to 
1 5 SabaXSPPage in the populateDocument method: 

initializeOnRequest(request, response); 
This method initializes protected site and logger variables. 
(See below) 

2. Change the cocoon.properties file by adding the following line: 
20 processor .xsp.java.logicsheet = /com/saba/web/engine/xsp-java.xsl 

The SabaXSPPage class provides model pages access to frequently needed 
information including: 

• Site: information about the SabaSite object representing the current 
saba site. 

25 • Path information: extracted from the Saba site object for convenience 

• Access to a logger for debugging and status messages 

SabaXSPPage declares protected member variables for each: 
protected SabaSite wdkSite; 
protected Logger wdkLogger; 
30 protected String wdkBaseURL; 

protected String wdkRoot; 
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These variables are therefore accessible by model pages and by the tags 
defined in the wdktags tag library. 
Structure of Model Pages 

Model pages are Extensible Server Page (XSP) pages. XSP pages can 
contain a mix of static content and content generating programming logic by using 
xsp directives (tags) defined in the xsp tag library. Furthermore, an XSP page can 
make use of an indefinite number of application specific tag libraries. A Web 
Content Server 800 model page uses the wdktags tag library to simplify certain 
common programming tasks. 

Web Content Server 800 model pages have a very well defined structure. 
The document element of the page is <xsp:page>. The document element can 
contain <xsp:structiire> and other xsp directives, but it can contain a single non- 
xsp element only. For a Web Content Server 800 page that element is wdk:page. 
The wdk:page element consists of the following subsections: 

• wdk:head - contains internationalized labels, the page title, image 
references, link mapping information (generated automatically from the control 
file by the control file processor). 

• wdk:form — The wdk:form element is one of the elements in the widget 
library. Since most wdk pages are HTML forms, the wdk:form element is used 
to generate the HTML form and javascript functions required by a Web Content 
Server 800 application. For example, a javascript function is generated that can 
be called by link widgets to submit the form.. 

• wdk:widgets — widgets (input fields, buttons, hyperlinks, etc.) are all 
listed in the wdk:widgets section. 

The wdkrform element can contain the declaration of hidden fields needed 
by the application, and it contains a singe wdk:model element. The wdkrmodel 
element contains all "data" generated by the page. 

Often all the wdk:model section contains is invocations of Commands that 
produce the appropriate XML content. 
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Separating content from interaction 

An important property of model pages is the ability to generate/declare 
dynamic content (through commands) and interaction elements (widgets) 
independently of each other. This separation of content and widget generation 
5 allows for greater reusability. However, at the end of all the processing, the 

widgets and the content have to be combined. For example, an input text field (a 
widget) and the "name" property of a business object have to be 
connected/combined some way to make sure that that particular text field can 
display that particular property. This connectivity between model elements and 
10 widgets is achieved by Web Content Server 800 tag library tags. 

The wdktagsrattachTo tag can be used to "attach" (copy) a particular 
widget to a model element. 

For example, a software engineer may author the following simple model 
document: 

15 <xsp:page language= "java" 

xmlns : xsp= "' http : //www . apache . org/1999/XSP/Core " 
xmlns : wdktags= " http : //www. saba . com/XML/WDK/taglib " 

> 

<wdk:page> 
20 <wdk:head> 
</wdk :head> 

<wdk:forin method= "POST"> 
<wdk:model> 
<domain> 

25 <name>Domain l</name> 

<id>idl</ id> 
</domain> 
<domain> 

<name>Domain 2</name> 
30 <id>id2</id> 

</domain> 
</wdk: model > 
</wdk : f orm> 
< wdk : widget s > 
35 <wdk;: input name= "editNarae"> 

<wdktags : attachTo path= "doinain"/> 
<value><wdktags : nodeRef path= "name"/></value> 
< / wdk : input > 
< / wdk : wi dge t s > 
40 </wdk:page> 
</xsp :page> 
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The document resulting from processing the Web Content Server 800 tag 
library and the XSP engine execution will be: 

<wdk : page> 
<wdk :head> 
5 </wdk:h.ead> 
<wdk : f orm> 
<wdk : model > 
<dotnain> 

<name>Domain l</nanie> 
10 <id>idl</id> 

<wdk: input name= ■'^editName"> 

<value>Domain. l</value> 
</wdk : input > 
</domain> 
15 <domain> 

<name>Domain 2</name> 
<id>id2</id> 

<wdk: input name= "editNarae"> 
< value >Domain 2</value> 
20 _ </wdk: input > 

</domain> 
</wdk : model > 
</ wdk : f orm> 
<wdk: widgets/ > 
25 </wdk:page> 

Note that the attachTo directive effectively created a copy of the input 
widget inside each domain element. Furthermore, the nodeRef directive has been 
replaced with the text value of the element it refers to in its path attribute. 
30 The following describes the implementation of the attachTo tag. 



1 


<xsl:template match="*[wdktags:attachTo]"> 


2 


<xsl:variable name="rootNode"> 
<xsl:choose> 

<xsi:when test="wdktags:attachTo/@root"> 

<xsl:value-of select="wdktags:attachTo/@root"/></xsl:when> 
<xsl:otherwise> 

WDKDomUtils.getModeINode(xspCurrentNode.getOwnerDocument(). 

getDocumentElementO) 

</xsl:otherwise> 
</xsl:choose> 
</xsl:variable> 


3 


<xsp:logic> 
{ 

List wdkNodes = WDKDomUtils.getNodes((Element)<xsl:value-of 
select="$rootNode7>,"<xs!:vaIue-of select="wdktags:attachTo/@path7>"); 
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4 


if (wdkNodes == null) { 

throw new RuntimeException("Could not find node: <xsl:value-of 
seiect="wdktags:attachTo/@path"/>"); 

} 

Iterator wdklter = wdkNodes. IteratorQ; 
while (wdklter.hasNextO) { 




5 


wdkwidgetNode = (Node)wdklter.next(); 
wdktagsNodeStack.push(xspCurrentNode); 
xspCurrentNode = wdkwidgetNode; 


6 


if (xspCurrentNode == null) { 

throw new RuntimeException("NulI node in node list"); 

) 


7 


<xsp:content> 

<xsl:copy> 

<xsl:apply-templates select="*|@*7> 

</xsl:copy> 
</xsp:content> 


8 


xspCurrentNode = (Node)wdktagsNodeStack .pop(); 

} 
} 

</xsp:logic> 
</xsl:template> 



Line 1 specifies the match condition: this template will match any element 
that contains a wdktags:attachTo sub-element. Section 2 contains XSL logic for 
determining what root element should be used as the starting point for the value of 
5 the path attribute. If the developer specifies a root attribute, then the value of that 

attribute is used, otherwise the root element defaults to the wdkrmodel node of the 
model page. Section 3 invokes the getNodes() method on the WDKDomUtils 
class. That method returns the set of nodes that can be accessed from the root 
node through the path given in the path attribute of the wdktags:attachTo 

10 directive. Section 4 checks for error conditions and sets up the iteration through 

the set of DOM elements rettimed in section 3. In section 5 the current xsp node 
(the value of the xspCurrentNode variable) is saved on a stack, and its value is 
replaced with the next node firom the set of nodes returned in section 3. Since the 
XSP processor uses the xspCurrentNode variable to mark the current "insertion 

1 5 point" - i.e. the location where the next DOM node will be inserted in the 

Document, this operation effectively copies the current subtree (the widget) to 
each node returned in section 3. (Sections 6 and 7 perform the actual copying.) 
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Finally, section 8 restores the value of the xspCurrentNode and resumes the 
iteration. 

The following section describes the implementation of the nodeRef tag. 



1 


<xsl:template match="wdktags:nodeRef' > 


2 


<xsl:variable naine="root"> 
<xsl:choose> 

<xsl:when test="@source"><xsl:value-of selecf="@source"/></xsl:when> 
<xsl:otherwise>wdkwidgetNode</xsl:otherwise> 
</xsi:choose> 
</xsl:variable> 


3 


<xsp:logic>{ 

Element wdkChildNode = WDKDomUtils.getChildNode{(EIement)<xsl:value-of 
select="$root7>,"<xsl:vaiue-of select="@path"/>"); 

<xsp:content><xsp:expr>WDKDomUtils.getTextValue(wdkChildNode)</xsp:expr></xsp:content> 
} 

</xsp:logic> 
</xsl:template> 



5 Line 1 specifies the match condition: this rule matches every nodeRef tag. 

Section 2 determines the root node: if the source attribute is given then the value 
of that attribute is used, otherwise the value of wdkwidgetNode Java variable is 
used. The wdkwidgetNode variable is initialized in the wdktags:attachTo template 
described above. This way, if nodeRef is used in the context of an attachTo tag, 
1 0 the root node is the same node the widget is copied to. The actual node whose 

value is needed is located by following the path from the root node. Finally, the 
text value of the node is computed by calhng the WDKDomUtils.getTextvaiueQ 
method. 

Structure of View Pages 

15 View pages are XSLT stylesheets. The role of the view stylesheet is to 

convert the XML document produced by executing the model file (and the 
subsequent widget transformation) to a format understood by the user agent. For 
example, for desktop browsers this typically means conversion to an HTML 
representation. Since model pages have a well-defined structure, view pages are 

20 also highly regular. For example, there are a number of model page elements that 

should not be rendered (such as wdk:head element and its content should not be 
copied to the output). Other model pages nodes have a standard representation in 
HTML (or in the desired output format). For example, the rule for rendering 
wdk:page is to generate the <html> element, the <head> element containing the 
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<title> element. These common templates are all grouped in a default stylesheet 
that can be imported using the <xsl:import> directive by every view page. As a 
result, for simple pages, the view page needs to contain a singe cusomized 
xsl:template rule that matches on the "wdk:model" node. This template is 
responsible for rendering the data as well as the widgets. 



Example: default view transformation templates 



1 


<?xml version=''1.0"?> 

<xsl:stylesheet version="1 .0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" 
xmlns:wdk="http://www.saba.com/XMLA/VDK"> 
<xsl;output method-'xml" indent="yes7> 
<xsl:strip-space elements="*7> 


2 


<xsl:template match="r> 

<xsl:variable name="titleLabel"><xs!:value-of select=7/wdk:head/wdk:title"/></xs!:variable> 
<html> 
<head> 

<title><xsl:value-of select="$t!tIeLaber7></title> 
</head> 
<body> 

<xsl:apply-templates/> 
</body> 
</html> 
</xsl:template> 


3 


<xsl:template match-'* i @*|text()|comment()" priority="-1"> 
<xsl:copy> 

<xs!:apply-templates select="* | @*|text()|comment()7> 
</xsl:copy> 
</xsi:template> 


4 


<!— eliminate the wdk:head element and ali children of wdk:widgets -> 

<xs!;template match="wdk:head | wdk:widgets"> 

</xsl:temp!ate> 


5 


<!-- replace widget v/Ah span (so we can do CSS on it) and process their children -> 
<xsl:template match="wdk:widget"> 

<span class="{@name}"> 
<xsl:apply-templates/> 

</span> 

<br/> 
</xsl:template> 


6 


<xsl;template match="wdk:page"> 

<xsl:apply-templates/> 
</xsl:template> 

</xsl:styiesheet> 



Section 1 defines the namespaces used in the stylesheet. Section 2 defines 



the root level template. This template produces the html tags, and generates the 
html head element complete with the title element. Section 3 defines the default 
template: every element, attribute, text and comment is copied to the resulting 
dociunent, unless a more specific template provides different instructions. Section 
4 specifies a template for eliminating the wdk:head and wdk:widgets elements and 
their contents (since the contents of these tags should not be rendered using the 
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default template defined in section 3). Section 5 introduces a template for 
transforming every widget by wrapping them into a span element replacing the 
wdk: widget "wrapper". This makes it possible to use CSS styling on a per named- 
widget basis. Finally, section 6 defines the template for processing the wdk:page 
5 element. 



A view page example 



1 


<?xml version="1 .0"?> 

<xsl;stylesheet version="1 .0" xmins:xs!="http://www.w3.org/1999/XSI-/Transform"' 
xmlns;wdk="http://www.saba.com/XML/WDK"> 


2 


<xsl:import href="../xsl/view/wdk defaultview.xsr/> 


3 


<xsi:template match="wdk:nnodel"> 


4 


<h2 align- 'center"><xsl:value-of select- 7wdk:page/wdk:head/wdk:title"/></h2> 


5 


<p> 

<xsl:value-of select="Avdk:page/wdk:head/wdk:labels/wdk:label[@name='nameLaber]"/> 


6 


<xsi:for-each select="parents/parent"> 
<xsl:value-of select="name7> 
<xsi:text> > </xsl:text> 

</xsl:for-each> 

<xsl:value-of seiect="parents/ieaf/name7> 
</p> 


7 


<xsl:apply-templates select="//wdk:widget"/> 


8 


</xsl:template> 
</xsl:stylesheet> 



Section 2 imports the stylesheet containing the default templates. Line 3 
defines the rule for processing the wdk:model node. Line 4 displays the title of the 
10 page by accessing the wdk:title tag inside the wdkrhead tag. Section 6 iterates 

through each "parent" element inside the wdk:model element and displays its 
name. In section 7 any widget produced by the model page is displayed. 
The wdk taglibrary 

The wdk taglibrary contains a number of tags to simplify the development 
15 wdk model pages. The tag library includes tags for: 

• handling resource bundles for page internationalization, 

• invoking commands to generate XML representation of the 
data retrieved from the database, 

• managing the connectivity between widgets and the produced 
20 data model, 

• managing the input and output parameters to the model page, 

• etc. 
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To make the tag library accessible by the processing engine, the following 
line is inserted in cocoon.properties: 

processor.xsp.logicsheet.wdktags.java = 
s : / sys/j ava/web/com/ saba/web/xsl/taglib/wdk_taglib .xsl 
5 The value of the above property identifies the location of the taglibrary 

stylesheet. The taglibrary stylesheet contains a number of xshimport directives to 
import templates responsible for implementing subsets of tags and it also contains 

a niunber of default templates, as the code example below shows: 

<?xml version="1 .0" encociing="UTF-8"?> 
1 0 <xsl:stylesheet version="1 .0" xmlns:xsl="http://www.w3.org/1 999/XSL/Transform" 

xmlns:xsp="http://wvvw.apache.org/1999/XSP/Core" 
xmlns:wdktags="http://WAnw.saba.com/XML/WDK/taglib'' 
xmlns:wcik="http://www.saba.conn/XML/WDK"> 

1 5 <xsl:preserve-space elements="*'7> 

<xsi:inciudeh ref ="wd k_param . xs !"/> 
<xs!:inc!ude href="wdk_i1 8n.xsrv> 
<xsl:inciude href="wdk_command.xsr7> 
<xsl:inciude href="wdk_control.xsrv> 
20 <xsl:include href="wdk_site.xsl7> 

<xsl:template match="xsp:page"> 
<xsl:copy> 

<!- need to expilcitly cai! some logic in the wdk_command stytesheet -> 
<xsl:call-template name="command_header"/> 
25 <!- need to explicitly call some logic in the control stylesheet -> 

<xsl:call-template name="control_header7> 
<xsl:apply-templates/> 
</xsl;copy> 
</xsl:template> 

30 

<xsl:template match="@*|*|text()|processlng-instruction()|comment()" priority="-1"> 
<xsl:copy> 

<xsl:apply-templates select="@'|*|text()|processing-instruction()|comment()7> 
</xsl:copy> 
35 </xsl:template> 

<xsl:template match="wdk:head"> 
<xsl:copy> 
<wdk:site> 

40 <href>/<xsp:expr>wdkRoot</xsp:expr>/</href> 

<imageRoot><xsp:expr>wdkSite.getlmageRoot()</xsp:expr></imageRoot> 

<sabaservlet><xsp:expr>WDKSabaUtil.getAssociatedSabaSiteName(wdkRoot)</xsp:expr></sabaservlet 
> 

45 <sitename><xsp:expr>wdkSite.getName()</xsp:expr></sitename> 
</wdk:site> 
<xsl:apply-templates/> 
</xsl;copy> 
</xsl;template> 

50 

</xsl:stylesheet> 
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An example: wdktags:param 

The wdktagsiparam is one of the tags defined in the wdk tag Hbrary. The 
purpose of this tag is to simplify the extraction of parameters from the 
HttpServletRequest object. Traditionally, JSP, XSP or servlet programmers have 
to write a number of lines of code for the parameters they want to process. The 
code for each parameter is typically similar to the following: 

String param = request.getParameter("param"); 
if (param = null) { 

param = "some default"; 

} 

The wdktags:param tag intends to simplify this by allowing developers to 
declare what parameters they want to use in the model page, and the mundane 
task of extracting the parameter is performed by the tag itself. Thus, Web Content 
Server 800 developer can write the following in the <wdk:head> section of the 
model page: 

<wdktags:in> 
<wdktags:param name= "param" type= "String" 
default= "some default" required= "true"/> 
</wdktags:in> 

Each parameter can be defined with a single line of XML code and as a 
result of this line the developer can use a Java variable named "param" in their 
code wherever the value of the "param" HttpRequest parameter is needed. The 
wdktags:param tag is implemented in wdk_param.xsl, and is imported by the 
main taglibrary stylesheet. The following code shows the implementation of 
wdktags:param: 



1 


<?xrDl version="1.0" encoding="UTF-8"?> 

<xsl:stylesheet version="1 .0" xmlns:xsi="http://www.w3.org/1 999/XSL/Transform" 

xmlns:xsp="http://www.apache.org/1999/XSP/Core" 

xmlns:wdktags="http://www.saba.com/XML/WDKO/taglib"> 


2 


<xsl:template match="wdktags:in/wdktags:param"> 


3 


<xsp:logic> 

<xsl:variable name="paramName"><xsl:value-of select="@name7></xsl:variabte> 
<xsl:variable name="paramType"> 
<xsl:choose> 

<xsl:when test="not(@type)">String</xsl:when> 

<xsl:when test="@type- ID"'>String</xsl:when> 
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<xsl:otherwise><xsl:value-of select="@type7></xsl:otherwise> 
</xsl:choose> 
</xsl:variable> 

<xsl:variable name="paramRequirect"> 
<xsl:choose> 
<y^I'whpn tp'?t="nnt^ (?5)rpniiirpfiV'>fal<5P</y*^l'whpn> 

^/^OI.vylldi tci3t 1 lull ^^^1 It J IQIOC ^/ AOI. vm ici 

<xsl:otherwise><xsl:value-of select="@required"/></xsi:otherwise> 
</xsl:choose> 
</xsl:variable> 

<xsl:variable name="paramDefault"> 
<xsl:choose> 

<xsl:when test="@default!=""><xsl:va!ue-of select="@clefault"/></xsl:when> 
<xs!:when test="@clefault="">""</xsl:when> 
<xshwhen test="not(@d6fault) and @typ6=*String"'>""</xsliwh6n> 
<xsi:otherwise>null</xsl:otherwise> 
</xsl:choose> 
</xsl:variable> 


4 


<xsl:value-of select="$paramType7><xsl:text> </xsl:text><xsi : value-of 
select="$paramName7>=request.getParameter("<xsl:value-of select="$paramName7>"); 
if (<xsl:value-of select="$paraniName7> == null) 
<xsl:value-of select="$parannName7> = <xsl: value-of select="$paramDefault7>; 

</xsp:logic> 
</xsi:template> 
</xsl:styiesheet> 



Section 1 declares all namespaces used in the stylesheet. In line 2 the 
match condition is given for the template. This template matches on every 
wdktagsrparam tag inside a wdktags:in tag. This nested condition is necessary, 
5 because a different template may transform wdktags:param tags inside the 

wdktags:out tag. Section 3 computes the values to use for parameter type and 
parameter default value. These values are either determined from the values of 
"type" and "default" attributes of the wdktags:param tag, or default values are 
selected (the Java String class for type, and the Java null constant for default). 
10 Section 4 produces the Java code declaring the Java variable by the name given in 

the "name" attribute of the param tag, and the value is initialized either from the 
HttpServletRequest object or by using the default value computed in line 2. 
Tags defined in the Web Content Server 800 tag library 

wdktags:param Provides a convenient method for declaring and using 
1 5 parameters passed in through the HttpServletRequest. 

wdktagsrsiteRef: Generates an absolute URL from a relative URL based 
on the current site information. 

wdktags: execute: XML fragments produced by Java objects (Commands) 
can be embedded in the resulting model document using the execute tag. 
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wdktags:il8n.load: Declares the il8n resource bundle to use for the labels 
in the page. 

wdktagsulSn.path: Generates internationalized image path information 
using site parameters and information from the resource bundle specified by 
5 wdktags:il8n.load. 

wdktagsrilSn.label: Retrieves internationalized labels from the resource 
bundle specified by wdktags:il8n.load. 

wdktagsrattachTo and wdktagsrnodeRef: As described above these tags 
can be used to assign widgets to model elements and to add data dependent 
10 information to widgets. 

wdktags:repeat: Provides the capability to replicate widget components 
based on elements in the generated model. Used mainly by list widgets to generate 
the set of options dynamically. 
The widget library 

1 5 The Web Content Server 800 widget library contains rules (XSLT 

templates) for transforming a number of widgets to their HTML representation. 
The widget library provides a level of abstraction between the user interaction 
component (e.g., a text input field) and its presentation (e.g., an HTML input field 
or a WML input field). This way the content producing model pages can be 

20 reused by different control files - one may deliver the content to a desktop 

browser using the HTML widget library, while another may deliver the same 
content to a handheld device using a modified version of the widget library (e.g., 
using WML). 

The widget library contains widgets for most commonly used inputs and 
25 controls, such as: 

• Buttons and links: The link widget can be used to display an image 
button or regular hyperlink; 

• List widgets: the list widget can be used to display common drop- 
down menus, set of radio boxes or set of check boxes; 

30 • hiput widgets for entering and displaying text values and passwords; 
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• Hidden variables: for storing values in the webpage without displaying 

them; 

• Etc. 

An example: wdk: input 
5 The wdk: input widget represents the abstract notion of a text field. If the 

model page developer needs a text field to get information from the user, he or she 
needs to use the wdk: input widget. Here is an example of using the input widget: 

<wdk;: input name= "inputZip"> 
<id>inputZip</ id> 
10 <size>5</size> 

<maxlength>5</maxlength> 
< value > 6 0 2 0 2 < / value > 
<label>Enter the zip code< /label > 
<required>f alse</required> 
15 <password>f alse</password> 

</wdk : input > 

The widget transformation transforms this document fragment to the 
following: 

<wdk;: widget naine= "inputZip"> 
20 <span align= "left" class= "Input_Label">Enter the zip 

code</ span> 

  

<span align= "left" class= "Input_Field"> 

<input type= "text" name= "inputZip" size= "5" maxlength= "5" 
25 value= "60202"/> 

</span> 
</wdk:widget> 

Note that the transformed version of the widget is "wrapped into" 
wdk: widget tags. This makes it very simple for the view transformation to 
30 reference the entire widget (e.g. by using <xsi : apply- templates seiect= 

"wdk : widget [ @name= ' inputZip' ] />). Also note that the label and the field 
parts of the widget are wrapped in <span> tags with the class attribute set to 
Input_Label and Input_Field, respectively. These class attributes can be used to 
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customize the look and feel of the input widget by using Cascading Stylesheets 
(CSS) or by writing specific XSLT templates in the view transformation. For 
example, the following view transformation template will set all input labels in 
the page to use Arial font: 
5 <xsl:template match= "span[@class= 'Input_Laber]"> 

<span style= "font-family :Arial"> 

<xsl:apply-templates select= "*"/> 
</span> 
</xsl:template> 

10 The wdkrinput widget is implemented as XSLT templates as shown below: 



-1 
1 


<xsl:template match="wdk:input"> 
<xsl:variable name="formElement"> 
<xsl:choose> 

<xsl:when test- 'boolean{id)"> 

<xst:value-of s8lect="nornnalize-space(id)'Y> 
</xsl:when> 
<xsl:otherwise> 

<xsl:value-of select="@name7> 
</xsl:otherwise> 
</xsl:choose> 
</xsl:variable> 


2 


<wdk:widget name="{@name}"> 


3 


<span align-'left" class="lnput_Label"> 


4 


<xs!:if test="required=TRUE"'> 

<xsl:attribute name="style">color: red</xsi:attribute> 
</xs!:if> 

<xsi:value-of select="label"/> 
</span> 
  


5 


<span align-'left" class="lnput_Fleld"> 
<xsl:choose> 

<xsl:when test="normalize-space(password)='true"'> 
<input name="{$formElement}" type="password"> 
<xsl:ca!l-template name="input_attributes"/> 
</lnput> 
</xsl:when> 
<xsl:otherwise> 
<input name="{$formElement}" type="text"> 

<xsl:call-template name="lnput_attrlbutes"/> 
</input> 
</xsl:otherwise> 
</xsl:choose> 

</span> 


6 


</wdk:widget> 
</xsl:template> 


7 


<xsl:template name="input_attributes"> 
<xsl:if test="boolean(size)"> 

<xsi:attribute name="size"><xsl:value-of select="normallze-space(slze)"/></xsl:attribute> 
</xsl:if> 

<xsl;if test="boolean(maxlength)"> 

<xsl:attribute name="nnaxlength"><xs!:value-of select="normalize-space(maxlength)7></xsl:attribute> 
</xsl:if> 
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<xsl:if test="boolean(value)"> 

<xsl:attribute name="value"><xsl:value-of select="normalize-space(value)'7></xsi:attribute> 
</xsl:if> 

</xsl:terriplate> 

Section 1 contains the match condition for the template: every wdk: input 
element in the docxunent will be transformed using this template. In section 1 the 
name of the input field is computed as well. Section 2 shows that this widget (just 
like all the other widgets) is nested inside a wdk:widget element, which makes it 
simpler to place widgets in the view transform. Section 3 shows how the different 
components (the label and the actual text field) are embedded in an HTML span 
element. In section 4 the color of the text label is determined based on the 
"required" sub-element of the wdk:input widget. The logic in section 5 determines 
what type of text field to generate: either "password" or regular "text" field. 
Section 7 shows the template called from section 5 to fill in the attributes of the 
generated HTML input element. 
List of widgets defined in the wdk widget library 

wdk:hidden_element: Represents an HTML hidden element. The widget 
generates the required element and Javascript functions that can be invoked to set 
the value of this element. 

wdk: form: Generates the HTML form element and Javascript functions 
needed to manage the form. 

wdktinput: Represents a single line text element. Can render the widget as 
a PASSWORD or TEXT HTML form field. 

wdkrlist: Represents a widget for selecting an item from a set of 
predefined items. Supports four different HTML renderings: 

■ Dropdown list 

■ List box 

■ Checkbox set 

■ Radiobutton set 

wdk: link: Represents a link or button. Besides submitting the form, the 
link widget can be used to: 
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■ Pass parameters with the invoked URL using <field> 
subelements; 

■ Execute an unhmited number of javascript functions before (or 
instead of) submission; 

5 ■ Open popup-windows and initialize the popup-window 

variables. 

■ Process the data returned by the popup window invoked by the 

hnk 
Commands 

10 Model pages are responsible for producing an XML representation of the 

content of the page. This content typically comes from executing complex 
business logic (e.g., running database queries, exercising business APIs, etc.). 
Although model pages (being XSP pages) are capable of including programming 
logic, including a large amount of code in an XSP page makes it hard to maintain. 

15 To solve this problem Web Content Server 800 introduces an implementation of 

the Command pattern (Gamma et al.). A developer can invoke a command from a 
model page by using the execute Web Content Server 800 tag library tag. For 
example, the following line 

<wdktags : execute manager= "CatalogCommandMgr" coinmand= "search"/> 

20 invokes the execute method of the ICommand object registered under the "search" 

key of the CatalogCommandMgr and replaces the element with the XML result of 
executing the method. Here is the implementation of the wdktags: execute tag: 

<?xml version-' 1.0"?> 

25 <xsl [Stylesheet version="1 .0" xmlns:xsl- 'http://www.w3.org/1999/XSL/Transform" 

xmlns:xsp="http://www.apache.org/1999/XSP/Core" 
xmlns:wdktags="http://www.saba.com/XMI-/WDK/taglib"> 



30 



35 



<xsf:template nam6="commancl_heacIer"> 

<xsp:structure> 

<xsp:include>com.saba.xml.*</xsp:inclucle> 
<xsp:inclucle>com.saba.web.dk.*</xsp:include> 

</xsp:structure> 

<xsp;logic> 
ICommand cmd = null; 



40 private ICommand getCommand(String mngrName, String cmdName) 

throws Exception { 
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Class mngrClass = Class.forName(mngrName); 

ICommandManager mngr = (IComnnandManager)mngrClass.newlnstance(); 
return cmd = mngr.getCommand(cmdName); 



Node executeConnmand(String mngrName, String cmdName, 
HttpServletRequest request, HttpServletResponse response, 
Document document. Object argument) 
1 0 throws Exception { 

StringWriter writer = new StringWriter(); 

IXiVILVisitor visitor = XML.getDefaultXMLVisitor(writer); 

cmd = getCommand(mngrName, cmdName); 

15 if (argument != null) 

cmd.execute(request, visitor, argument); 

else 

cmd.execute(request, visitor); 
String xml = writer.toStringO; 
20 if (xml.length()!=0){ 

InputSource source = new lnputSource(new StringReader(wrlter.toString())); 

XercesParser parser = new XercesParser(); 

Document doc = parser. parse(source, false); 

return document.importNode{doc.getFirstChild(), true); 

25 } 

else { 

return null; 

} 

30 </xsp:logic> 
</xsl:template> 

<xsl:template match="wdktags:execute"> 
35 <xsl:variable name="returnVariable"> 

<xsl:choose> 

<xs!:when test="boolean(@return)"><xsl:value-of select="@return"/></xsi:when> 
<xs!:otherwise>wdkExecuteRetum<xsl:value-of select="generate-id()7></xst:otherwlse> 
</xsl:choose> 
40 </xsl:variable> 
<xsp:!ogic> 

Node <xsl;value-of select="$returnVariable"/>; 
</xsp:logic> 
<xsp:logic> { 

45 String wdkMngrName = "<xsl:value-of select="@manager"/>"; 

String wdkCmdName = "<xsl:value-of select="@command"/>"; 

Object wdkArgument = null; 

<xsl:lf test="boolean(@argument)"> 

wdkArgument = (Object) <xsl:value-of select="@argument"/>; 
50 </xsl:lf> 

<xsl:value-of select="$returnVariable"/> = (Node)executeCommand(wdkMngrName, 
WdkCmdName, request, response, document, wdkArgument); 
} 

</xsp:logic> 

55 <xsp:expr><xsl:value-of se[ect="$returnVariable"/></xsp:expr> 

</xsl:template> 

</xsl:stylesheet> 

60 The stylesheet for the wdktags: execute contains two templates. The first 

template (named command_header) is a template called by the main taglibrary 
stylesheet to create class level methods. These methods (getcommand and 
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executecommand) are called by the code that results from the transformation of 
the wdktags:execute tags. The getcommand method takes two arguments: the fully 
qualified name of a Command manager (see below) and a command name. It 
returns an ICommand object (see below for details) that is registered with the 
command manager by the command name. The executecommand method 
performs the following steps: 

1 . Creates an IXMLVisitor. It uses the default visitor provided by 
the XML class. 

2. Uses the getcommand method to get the command object 

3. Invokes the execute method on the command object. The 
created IXMLVisitor is passed to this method along with the request and 
argument objects that are passed to the executecommand method. 

4. The serialized XML document produced by the visitor object is 
parsed and the resulting DOM Node is returned. 

The template for the execute tag performs the following steps: 

1 . Sets up a DOM Node variable for the node generated by the 
executeCommand method. 

2. Invokes the executeCommand method with the classname of 
the command manager, the name of the command and the optional 
argument, and assignes the returned Node to the Node variable set up in 
step 1. 

3. Adds the generated Node to the dociunent using <xsp:expr> 

tags. 

ICommandManager 

ICommandManager is the interface implemented by individual command 
managers. It declares the following method: 

public ICommand getCominand(String name) throws Exception; 

For convenience an abstract class implementing the ICommand is defined. 
This class provides the following API for its subclasses: 

public void registerCommand (String name, ICommand command); 

Command managers can extend this class and implement a single method: 
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public abstract void initializeMapStructure() throws Exception; 
For example, the Domain command manager that manages commands 
related to security domains has the following implementation: 

public class DomainCommandManager extends 
AbstractCommandManager 
{ 

public DomainCommandManager () throws SabaException { 
superO; 

} 

public void initializeMapStructureO 

throws SabaException 

{ 

registerCommandC'searchForDomain", new SearchCommandO); 
registerCommand("getDomainAndParents" , new 
ParentsCommandO); 

registerCommand("editDomain", new EditCommandQ); 

} 

} 

ICommand 

Command objects implement the ICommand interface. The ICommand 
interface follows the Command pattern (see Gamma et al., 1995) and the 
Prototype pattern. To support prototyping, ICommand extends the Java Cloneable 
interface. ICommand declares the following methods: 

public void execute (HttpServletRequest req, 
IXML Visitor visitor) throws Exception; 

public void execute (HttpServletRequest req, 
IXML Visitor visitor. Object arg) throws Exception 
These methods are invoked by the wdktags: execute tag in a model page. 
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XML serialization framework 

Commands are used to generate an XML representation of some business 
objects. To make this task simpler, Web Content Server 800 introduces the notion 
of IXML Visitor and IXMLObject following the Visitor pattern (see Gamma et al, 

1995.). 
IXMLVisitor 

IXMLVisitor declares the following methods: 

public void visit (String prefix, String tagName, 
String value) throws XMLVisitorException; 

public void visit (String prefix. String tagName, 
Number value) throws XMLVisitorException; 

public void visit (String prefix. String tagName, 
Locale value) throws XMLVisitorException; 

public void visit (String prefix. String tagName, 
TimeZone value) throws XMLVisitorException; 

public void visit (String prefix. String tagName, 
Date value) throws XMLVisitorException; 

public void visit (String prefix. String tagName, 
URL value) throws XMLVisitorException; 

public void visit (String prefix, String tagName, 
IXMLObject value) throws XMLVisitorException; 

public void writeOpenTag (String prefix. String 
tagname) throws XMLVisitorException; 

public void writeCloseTag (String prefix. String 
tagname) throws XMLVisitorException; 

public void createModel (String className) throws 
XMLVisitorException; 
Visit methods are declared for most frequently used data types and for 
IXMLObject. Besides the visit methods writeOpenTag and writeCloseTag are 
also declared. These two methods must be used when generating nested XML 
elements. For example, take the following XML document fragment: 
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<doc> 
<name>A name</name> 
<updated> 

<person>Jill August</person> 

<date>l/l/2000</date> 
</updated> 
</doc> 

A visitor can produce this document fragment with the following sequence 
of visit calls; 

visitor.writeOpenTag(null, "doc"); 
visitor. visit(null, "name", "A name"); 
visitor. writeOpenTag(null, "updated"); 
visitor. visit(null, "person", "Jill August"); 
visitor. visit(null, "date", aDate); 
visitor. writeCloseTag(null, "update"); 
visitor. writeCloseTag(null, "doc"); 

Note: the prefix parameter for the visit, writeOpenTag and writeCloseTag 
methods is used if the tags to generate are in some specific namespace. (There is a 
separate namespace registration mechanism that associates the prefix with a 
particular namespace URLI). 
IXMLObiect 

The IXMLObject interface declares the following methods: 

public void acceptXML Visitor (IXMLVisitor visitor) 

throws XMLVisitorException; 

public String getTagName ( ) ; 
Business objects that implement the IXMLObject interface can be 
converted to XML by a command with a single method call: 

public void execute (HttpServletRequest req, IXMLVisitor 
visitor) throws Exception { 
IXMLObject obj = getBusinessObject(req); 
visitor. visit(null, "theObject", obj); 
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} 

In the above example the getBusmessObject(req) method call stands for 
some business logic that's used to create the business object (e.g., by using some 
of the business APIs). 

5 

INTERCONNECT SERVER 

The present invention provides a solution to the needs described above 
through a system and method for integrating the disparate applications, and 
managing the applications processes in a hardware resource and user effort 

10 efficient manner. The automated system of the present invention uses a business 

systems platform comprised of several unique servers to efficiently manage 
multiple appUcations which are themselves generally distributed across a network, 
and to control the execution of the required tasks with minimum use of redundant 
data input to the several applications, thereby minimizing the use of hardware 

1 5 resources and user input effort. 

As indicated above, in a preferred embodiment, the Platform Intercormect 
Server allows a platform installation to interconnect with external systems. In the 
preferred embodiment, the Interconnect Server is a platform for information 
exchange based on XML and supports many types of information exchange across 

20 heterogeneous systems. Such heterogeneous systems could include Enterprise 

Resource Planning (ERP) systems, e-mail servers, and other Saba installations. 
The Interconnect Server allows interconnection between such external systems 
and the Interface Server, Business Server, and Information Server. 

For example, this connection can be for purposes of importing data from 

25 ERP systems, exporting billing information to accounting systems, making 

catalog information available for automated search, or allowing automated 
purchasing of products. The Interconnect enables collaboration with the Platform 
network in a bi-directional fashion to allow a Platform-enabled site to share 
catalog information with the platform network, allow the platform network to 

30 place and track orders, and to share and update learner profiles. In addition, the 

process can be reversed: the platform-enabled site can enhance their internal 
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offering of courses by including selected platform network courses in their 
internal catalog offering. 

In the preferred embodiment, the Interconnect model consists of three 
parts: (1) the intercoimect backbone and the individual interconnect components 
5 installed on the interconnect backbone (2) the development API's (both the high- 

level and the low level interfaces) and (3) the standard protocols used to 
communicate between heterogeneous systems. 

Referring to Figure 9, the Interconnect Backbone of the preferred 
embodiment is shown. The Interconnect Backbone is the framework that supports 

10 all Interconnect components. The Interconnect Backbone provides the foundation 

services required by higher-level services. These foundation services are always 
present, and include services for reliable messaging, service registration, 
monitoring and management. The Interconnect Backbone comprises the 
following components that provide the core Interconnect services: 

15 DeliveryService 905, ServiceManager 910 , Locator 915, and Authenticator 920. 

The core Interconnect services are always present. 

The Intercoimect Backbone provides a framework for registering and 
resolving services. Services are registered and resolved by name in an 
intercoimect node. The ServiceManager 910 is a core service for the management 

20 of services for the Interconnect at a particular location. The ServiceManager 910 

tracks installed components, versions and system status. The ServiceManager 910 
provides system management capabilities and can be queried for system status: 
which other components are present and whether they are currently running. 
Components, which implement Interconnection Services 925, are installed on the 

25 Interconnect Backbone at a specific installation by being registered with the 

ServiceManager 910. The Locator 915 service is a service component that 
provides a way to register and resolve services by name. The Locator 915 
services provides a flat registry of services at a particular interconnect location. 
The DeliveryService 905 is a service component that insures the reliable 

30 delivery of messages. The DeliveryService 905 understands the sender, the 

recipient and quality of service, but not the content. DeliveryService 905 works 
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over a variety of transport protocols by using different DeliveryTransports. 
DeliveryTransports are abstract service components that are used by the 
DeliveryService 905 to reliably deHver messages over a particular set of network 
protocols. Such protocols include sockets, database logging tables, and HTTP. 
5 The messaging model provided by the DeliveryService 905 provides a mechanism 

for the delivery of persistent asynchronous messages using a mailbox metaphor, 
hiterconnect Services 925 using the DeliveryService 905 register themselves and 
are assigned an hibox by the DeliveryService 905. Subsequently, the registered 
service may check for messages at that hibox. The DeliveryService 905 

10 component is described in further detail belov^. 

The Authenticator service insures that messages coming into the system 
have the appropriate credentials. Capabilities can be associated with a particular 
service and users can be assigned CapabilitySets. When a service is resolved, the 
Locator 915 calls the Authenticator 920 to validate that the requesting user has the 

15 appropriate capabilities to use the service they are requesting. A Capability is 

created for each named service in an interconnect location, for example 
"SAP/Financials/ Accessor". Capabilities have names and in this case the name of 
the capability will be the same name as the service. Once created. Capabilities can 
then be given to users who want to access the service. When a message is 

20 constructed, the user adds their capabilities to the message. When the message is 

received by the target location the local DeliveryService 905 validates the 
capabilities with the Authenticator 920. The Authenticator service is the 
generator of capabilities and capability keys. If a passed in capability doesn't have 
the appropriate key the capability is not set and the authentication is rejected. The 

25 service is also used by other core Interconnect Services for authenticating 

particular application level requests. Since a capability is a name-key mapping, an 
interconnect service can create capabilities for any purpose desired. 

Other interconnect services are implemented like the core Interconnect 
Services described above. These Interconnect Services register and resolve by 

30 name and respond to and send Interconnect messages. Services are configured 

and managed using Java classes and scripts. When interconnect components are 
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installed on the Interconnect Backbone, a site is said to be "connector enabled". 
These components allow connections to external systems such as ERP systems to 
import, export, and synchronize data. 

Key to the Interconnect design is the separation of interface from 
5 implementation. Many of the service components are broken into a generic 

platform independent portion and a platform specific portion that minimizes the 
impact of changes to the implementation in the fUture. Most coimector 
components consist of a public service component (which is generic) and a 
service sub-component (which is system specific). The implementation of a 

10 connector in this framework consists of providing concrete implementations for 

the service sub-components and creating XSL stylesheets that describe mappings 
between a Local Format (LF) and Interchange Format (IF). Local formats are 
system-specific representations of the data supported by a service, while 
Interchange Formats are universal representations used for exchange between 

15 systems. 

Referring to Figure 9, these Connectors services may include Monitor 945, 
Accessor 935, Importer 940, and Updater (not shown). Accessors, Importers, and 
Updaters are essentially thin wrappers around XSL stylesheet operations. They 
translate documents between native formats and the Interchange format using a 

20 predefined stylesheet. These cormector services may also contain additional logic 

for cases where a single Interchange format document represents multiple native 
documents, and vice versa. A more detailed description of the service 
components for these Connector services and their implementation on the 
Intercormect Backbone follows. 

25 The Accessor 935 is a public service component that is used to extract 

objects from the source representation and convert them to a Interchange Format 
(IF). An Accessor 935 is configured to use a particular AccessorReader 950 to 
extract the objects from the source system and collaborate with Translators to 
perform the conversion to IF. The AccessorReader 950 is an absfract service sub- 

30 component that is used by an Accessor 935 to extract an object, or set of objects 

from a source system and convert them into an Interchange Format. Concrete 
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implementations of the AccessorReader 950 are system specific and use the native 
API of the source system. 

The hnporter 940 is a pubhc service component that is used to import 
objects from Interchange Format to the target representation. An Importer 940 
5 will collaborate with Translators to perform the conversion from IF and be 

configured to use a particular ImporterWriter 960 to inject the objects into the 
target system. The ImporterWriter 960 is an abstract service sub-component that 
is used by an Importer 940 to convert an object, or set of objects into a Local 
Format (LF) and write them to a source system. Concrete implementations of the 
1 0 ImporterWriter 960 are system specific and use the native API of the target 

system. 

The Monitor 945 is a public service component that monitors changes to 
local objects and reports changes to interested parties in Interchange Format. 
Clients can register to receive notification of the change only, or have the changed 

15 object sent with the notification. A Monitor 945 is configured to use a particular 

ChangeManager 955 to map changes in the source system to a standard event 
format that the monitor can use. The ChangeManager 955 is an abstract service 
sub-component that is used by a Monitor 945 to map local events into the standard 
event format. Concrete implementations of the ChangeManager 955 are system 

20 specific and use the native API of the source system to capture events. 

When the Monitor 945 receives an event from the ChangeManager 955, it 
checks to see if the object needs to be sent with the notification. If so, the Monitor 
945 will collaborate with the Accessor 935 and Mapper to provide the conversion 
from source object to Interchange Format. The Monitor 945 uses the Mapper to 

25 find the platform ID associated with the local identifier in the event. This platform 

ID is then used to request the object from the Accessor 935. The Mapper is a 
utility that provides object and class level mapping services between 
representations, each connector framework contains a single instance of the 
Mapper. The Mapper data is persistent this enables the cross reference data to 

30 survive restarts. The Mapper maintains maps for (1) Platform ID to Document 

Type, (2) Local ID to Platform ID, and (3) Platform (Interconnect) user to Local 
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(mapped system) user. The Mapper ( discussed in detail in a later section 
)converts a local object Id ( a combination of Id and Class type ) into a Platform 
Object Id ( POID ), POID is an Id that is unique across applications. POID is a 
serializable class that has URL representation 

"http://" + host + "/interconnect/" + platform + "/"+seqNo 
where host -> is the hostname of the machine on which the connector is 
running 

platform -> a parameter defined at the Saba site level. This 
parameter will make the POID unique if multiple Saba sites are running on the 
same machine. 

SeqNo -> is a sequence number that that is unique for a host. 

Example of a POID is 
http : ll\ ade/interconnect/S aba/ 1 this could be a representation of local id 
emploOOOOOOOOOOOlOOO with class type com.saba.busobj.SabaEmployee. This 
representation can be converted to instance of POID by using static method in the 
POID class. 

POID class definition is 

public class POID implements IXMLRenderable 
{ 

private GenericOb j ectID mLocallD; 
private URL mURL; 
private long mid; 

public POID (GenericObjectID locallD) { 
mid = getNextldO; 
try . 
{ 

mLocallD = locallD; 

mURL = new URL (getURLPref ix ( ) + locallD . toString ( ) + 

"/" + mid) ; 

} 
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10 



15 



catch (Malf ormedURLException x) 
{ 



} 

public void setLocallD (GenericObj ectID locallD) { 
try { 

mLocallD = locallD; 

mURL = new URL (getURLPref ix ( ) + locallD . toString ( ] 

" / " + mid) ; 

} 

catch (Malf ormedURLException x) { 
} 

if (mid == -1) 



{ 



mid = getNextldO; 



20 



25 



30 



35 



public String toString (] 



return mURL . toString ( ) ; 



public URL getURLC 



return mURL; 



public GenericObj ectID getLocallDO 



return mLocallD; 



public static POID getPOID (String url) 



{ 



String temp=new String (url ) ; 
int pos=temp . lastlndexOf ( " / " ) ; 
String templ=temp . substring (pos+1) ; 
Long temp2=Long.valueOf (tempi) ; 
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long liash=temp2 . longValue ( ) ; 
POID poid=new POID(); 
poid.mId=hash; 
try { 

poid .mURL=new URL(url) ; 

} 

catch (MalformedURLException x) 

{ 

} 

return poid; 



Mapper stores the cross reference between the local Id and the POID 
representation of the local Id. The Mapper also stores cross reference between 
foreign POID and local Id in the case where the Object originated from a foreign 
system. 

A Transformer is a utility that provides translation services between 
representations using mapping data and XSL style sheets. A Transformer wraps a 
particular XML parser and XSL translator. The Accessor calls an implementation 
of the transformer and passes the Local Format and the stylesheet, the transformer 
translates the Local Format into Interchange Format. 

Implementing a connector involves building four platform specific 
components and defining a set of document, object and user mappings. The 
platform specific components are described in detail below and include the (1) 
ChangeManager 955 (maps system events to Monitor 945 events), (2) 
AccessorReader 950 (extracts objects from the system in XML format), (3) 
ImporterWriter 960 (injects objects into the system from XML format), and (4) 
Local ObjectID (Encapsulates the system object identifier, this is not required if 
the system can use the GenericObjectID available). Additionally, the types of 
documents to be exchanged need to be defined. Once these are determined and 
their format defined, XSL style sheets need to be written which convert 
Interchange Format to the system specific XML format and vice versa. 
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At system deployment time, a number of mappings need to be defined. 
These include (1) Dociiment type to style sheet, (2) local User to system user, and 
(3) the Translator the connector will use. 

The ChangeManager 955 sub-component monitors the native system for 
5 all events such as Insert/Update/Delete on objects. It can interact with the event 

notification mechanism of the native system to capture all the events and then 
pass these events to the monitor for further handling. The ChangeManager 955 
accepts events from the native system, converts these events into MonitorEvent 
Objects, and forwards these to the Monitor 945 using the method 

10 IChangeManagerAdaptor.notifyO method. Once the Change Manager passes an 

event on to the Monitor 945, it is then the responsibility of the Monitor 945 to 
reliably dehver the request on to any subscribers who have registered interest. The 
Monitor 945 will filter out any events that are not subscribed to. Specifically, the 
Change Manager is responsible for (1) keeping track of all the events that take 

15 place in the native system, (2) creating MonitorEvent Objects for all events 

supported by the native change management, (3) Calling the notify method of the 
Monitor with a given event. 

ChangeManager 955 requires a reference to its owning Monitor 945 class 
to invoke its notifyQ event. It also needs a LocalUser object to obtain credential 

20 information. These references are provided during construction. 

public abstract class ChangeManager throws 
connectorException 

{ 

25 public ChangeManager (Monitor theMonitor, UserObject 

user) 

public void shutdown () 

} 

30 As mentioned above, the ChangeManager 955 converts each system event 

into a MonitorEvent object, which it passes on to the monitor by calling its notify 
method. The Monitor Event class is as follows: 

public class MonitorEvent { 
35 public Object objectID; 

public String eventType; 
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public String docType; 
public Boolean applyStyleSheet ; 
} 

5 The Monitor is responsible for implementing the interface 

IChangeManagerAdaptor which currently defines a single method. 

public interface IChangeManagerAdapter { 

10 public void notify (MonitorEvent event); 

} 

The ChangeManager.shutdownQ method is invoked by the Monitor 945 
and is used to gracefully disconnect the ChangeManager 955. When shutdown() is 
1 5 called, the ChangeManager 955 is responsible for closing any open connections, 

unregistering itself fr^om the native event system and taking any other action 
required to perform a clean shutdown. The ChangeManager 955 can shut down 
itself if required by using this method. 

20 The AccessorReader 950 is a platform specific sub-component of the 

Accessor 935. It is responsible for extracting an object from the native system in a 
convenient XML representation. The representation produced must be complete 
enough to allow it to be transformed into the appropriate document in hiterchange 
Format. An instance of an AccessorReader 950 will service the requests of a 

25 particular user. When an AccessorReader 950 is created a UserObject that 

identifies the system user is passed to it in its constructor. The AccessorReader 
950 is responsible for making managing a connection to the native system on 
behalf of this user. The Accessor 935 is responsible for making sure that incoming 
requests are assigned to the appropriate AccessorReader 950 for the requesting 

30 user. The AccessorReader calls the Mapper to get the Platform Id ( POID ) for 

the local Id representation, the local Id representation is replaced with the POED. 

An implementation of an AccessorReader 950 will be derived fi-om the 
abstract class of the same name: 

35 public abstract class AccessorReader implements 

lAccessorReader 
{ 

public AccessorReader (UserObj ect user) ; 
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} 

public interface lAccessorReader { 

5 public Reader extractOb j ectReader (Obj ect locallD) 

throws lOException, ConnectorException; 

public URL extractObjectURL (Object locallD) 
throws Malf ormedURLException, 
10 ConnectorException; 

public void shutdown (); 

} 

15 Specifically, the AccessorReader 950 is responsible for (1) Establishing a 

connection into the system based on the User Id and Credentials (2) Extracting the 
required object based on the information passed in Local Object (3) Transforming 
that Object into a serialized representation, which is an XML document (4) If the 
object type of the local object maps to more than one object in native system, then 

20 extracting all the corresponding objects in the current context, (5) As the objects 

to be transported to and from the native system are known, information about 
which objects have to be extracted for a given object can be maintained 
specifically for the current implementation, (6) Serializing this localObject/s into 
a single Local XML representation (7) Returning this XML document back to the 

25 Accessor 935, (8) Providing a clean shutdown by closing the connection. The 

shutdown method is invoked by the Accessor 935 when it needs to shutdown the 
AccessorReader 950. 

The ImporterWriter 960 is a platform specific sub-component of the 
Importer 940. It is responsible importing an object into the native system fi-om a 

30 convenient XML representation. The representation must be able to be produced 

fi-om a docimient in Interchange Format using XSL style sheet transformations. 
Like the AccessorReader 950, an instance of an ImporterWriter 960 will service 
the requests of a particular user. Once an Object has been imported the newly 
created local Id and the Foreign POED sent along with the Interchange format are 

35 inserted into the Mapper for subsequent use. Mapper is discussed in detail in a 

later section. 
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An implementation of an Importer Writer 960 will be derived from the 

abstract class of the same name: 

public abstract class ImporterWriter implements 
IlmporterWriter { 
5 Object mUser; 

public ImporterWriter (UserObj ect user) 
{ 

mUser = user; 

10 } 

public interface IlmporterWriter { 
/ * * 

Insert the objects from the input stream and return 
15 an array of native (local) identifiers for the new 

objects. The input stream is in a localized XML 
format . 
*/ 

public Object insertObj ectFromStream (Writer in) 
20 throws ConnectorException; 

/ * * 

Insert the objects from the URL and return an array 
of native (local) identifiers for the new objects. 
25 The input URL is in a localized XML format. 

*/ 

public Object insertObj ectFromURL (URL url) 

throws Malf ormedURLException, ConnectorException; 
public void shutdown () ; 

30 } 

The ImporterWriter 960 is responsible for (1) Establishing a connection 
into the system based on the User Id and Credentials (2) Mapping the single XML 
document received to one or more objects required to be inserted into the native 

35 system (3) Converting the Native XML representation of the object into native 

system specific format (4) Based on the event to be performed, insert, update or 
delete the database (5) In case of a new object being inserted, returning the local 
identifier for the object inserted (6) Providing a clean shutdown by closing the 
connection. The Importer 940 invokes the shutdown method when it needs to 

40 shutdown the ImporterWriter 960. 

The UserObject encapsulates system specific User information for an 
application level login (user id and password). The platform specific parts of the 
connector services will use this information to log into the target system. For 
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example a ChangeManager 955 may need to login to the database to trap the 
events. The UserObject object encapsulates a string-based userlD and the notion 
of Credentials. Each Platform implementation provides its own LocalUser object. 
Implementations provide a subclass of the credentials Object customized for the 
5 security requirements of their system; in the simplest case the credentials are a 

String password. 

public class UserObject implements Serializable 

{ 

10 string mUsername; 

Object mCredentials ; 



public UserObj ect (String username. Object credentials) 

mUsername = username; 
mCredentials = credentials; 



public String getUsername { ) 
return mUsername; 

public Object getCredentials ( ) 
return mCredentials; 



15 



20 



25 



30 

The Local object contains information about the object that the connector 
uses uniquely identify an object in the native system. It holds the following 
information about the object (1) ID: An opaque object identifier, and (2) aClass: 
the type or class of the object. 

35 

The LocalObjectID class is defined as: 

public class LocalObjectID 
{ 

40 Object mID; 

Object mClass; 

public LocalObjectID (object ID, Object aClass) 
{ 

45 mID = ID; 

mClass = aClass ; 

} 
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public Object getID() 

{ 

return mID; 



public Object getObjectClass ( ) 

{ 

return mClass; 

10 } 

} 



Referring to Figure 10, an example of the operation of the above 
Interconnect services in which a purchase order is delivered from a Source site 

15 1000 to a target SAP system 1005 utilizing the Interconnect Server 1010 is set 

forth. An Importer component 1015 resides on the target SAP system and the 
Requestor 1020, Monitor 1025, Event Manager 1030, Accessor 1035, and 
Transformer 1040 components reside on the Interconnect Server 1010. At step 1, 
At the Source site 1000, a Purchase order 1045 is generated and a "Sabalnvoice" 

20 object is created. At step 2, the Purchase Order 1045 is saved. Because it needs to 

be synchronized with a remote system, this triggers a pre-registered 
ChangeManager event at the EventManager 1030. At step 3, the ChangeManager 
passes the unique id of the Sabalnvoice to the Monitor 1025. At step 4, the 
Monitor 1025 instructs the Accessor 1035 to retrieve the SabaOrder in 

25 Interchange Format. At step 5, the Accessor 1035 retrieves the Sabalnvoice in 

serialized, canonical XML format. This is an internal XML format that varies for 
each business object. Its essential feature is that it contains all relevant 
information about the PO in attribute/value format. Step 5 uses a standard method 
available for all SabaObjects. 

30 

The following example Local Format document is a sample Sabalnvoice 
serialized into XML: 

<?xnil version="1.0" standalone="yes"?> 

<SabaObjectSerializationxnilns:dt="um:w3-org:xmldatatypes"> 
35 <SabaObject type="com.saba.busobj.SabaInvoice" id="mvce000000000001000" 

status="new"> 
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<amt_paid dt:type="numb,er">0.0</amt_paid> 
<other_charges dt:type="number">0.0</other_charges> 
<acct_id 

idref=''http://spanuganti/intercoimect/Saba/com.saba.iiitercorinect.ObjectID@94902deb/206''/> 
5 <updated_by dt:type="string">uone</updated_by> 

<balance dt:type="number ">425 .0</balance> 

<updated_on dt:type="dateTime">2000-l 1-10 19:17:40.000</updated_on> 

<created_by dt:type="string">uone</created_by> 

<created_id 

1 0 idref="http://spanuganti/intercoimect/Saba/com.saba.intercomiect.ObjectID@ 1 70064/6"/> 

<inv_date dt:type="dateTiine">2000-ll-10 19:17:40.000</inv_date> 
<created_ondt:type="dateTime">2000-ll-10 19:17:40.000</created_on> 
<splitdt:type="strmg">domin000000000000001</split> 
<status dt:type="number"> 1 00</status> 

1 5 <time_stamp dt:type=''striiig''>20001 1 101917399262</time_stamp> 

<flagsdt:type="string">0000000000</flags> 
<invoice_no dt:type="string">00 1 000</mvoice_no> 
<currency_id 

idref=''http://spanuganti/intercorinect/Saba/com.saba.intercomiect.ObjectID@14966/34"/> 
20 <total_charges dt:type="nvimber">425.0</total_charges> 

</SabaObject> 

<SabaObjecttype="com.saba.busobj.SabaInvoiceItem" id="invitOOO0O0OO0O01O00" 
status="new"> 

25 <order_item_id idref^"ordit000000000001060"/> 

<invoice_id 

idref="http://bnemazie/mtercoimect/Saba/com.saba.intercomiect.ObjectID@c82f961c/10rV> 
<time_stamp dt:type="string">200011 101917406145</tmie_stamp> 
</SabaObject> 

30 

<SabaObjecttype="com.saba.busobj.SabaOrder" id="extor000000000001040" 
status="new"> 

<city dt:type="string">Sumiyvale</city> 
<addrl dt:type="string">Addr ll</addrl> 
35 <country dt:type="string">US</coiintry> 

<shipped_amt dt:type="number">0.0</shipped_amt> 
<state dt:type="string">CA</state> 
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